This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch lxoliva/thread-safety-docs.stgit created. glibc-2.18-545-gfc731fe
- From: aoliva at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 14 Aug 2013 01:39:25 -0000
- Subject: GNU C Library master sources branch lxoliva/thread-safety-docs.stgit created. glibc-2.18-545-gfc731fe
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, lxoliva/thread-safety-docs.stgit has been created
at fc731fec12b826be460969fe67a3d1f0adc70fd3 (commit)
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fc731fec12b826be460969fe67a3d1f0adc70fd3
commit fc731fec12b826be460969fe67a3d1f0adc70fd3
Merge: ed68c30 a4db052 188a9c2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:36 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ed68c303d6f779bac439014c370ee067d84cd5b9
commit ed68c303d6f779bac439014c370ee067d84cd5b9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:36 2013 -0300
push
diff --git a/meta b/meta
index c590fb2..7ccb65b 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 6ca4824de83c6cdffa405e64ca12e2ca7d5c044e
-Head: 03deacb6111e143a3cad124bf1aee0d111f3bb81
+Previous: 188a9c2a1336cf01e4c46641dba1f90a79d73cf2
+Head: a4db052d330a9c934252bc3a1489c922ea797683
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -28,6 +28,6 @@ Applied:
wip-manual-document-mt-safety-string.patch: 618424dc72936ee238334d665063f1dd84a12715
wip-manual-document-mt-safety-terminal.patch: 7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
wip-manual-document-mt-safety-threads.patch: 03deacb6111e143a3cad124bf1aee0d111f3bb81
+ wip-manual-document-mt-safety-time.patch: a4db052d330a9c934252bc3a1489c922ea797683
Unapplied:
- wip-manual-document-mt-safety-time.patch: 4022accc5d1f9f2ae322f8f76488286c694acd7b
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
index ee52a8e..f168240 100644
--- a/patches/wip-manual-document-mt-safety-time.patch
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -1,5 +1,5 @@
-Bottom: 934314e9de7d53f206e47915ea85ef4798ee295a
-Top: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
+Bottom: 1055542944ccec75d19150bda526177d2f245c5a
+Top: 13da41faaf0af578a55abbc8971e69874c1f3914
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:50 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a4db052d330a9c934252bc3a1489c922ea797683
commit a4db052d330a9c934252bc3a1489c922ea797683
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:50 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=188a9c2a1336cf01e4c46641dba1f90a79d73cf2
commit 188a9c2a1336cf01e4c46641dba1f90a79d73cf2
Merge: c3e4f05 03deacb 6ca4824
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:35 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c3e4f05ef5ef05650041900dbd4d5f0a3ba237e9
commit c3e4f05ef5ef05650041900dbd4d5f0a3ba237e9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:35 2013 -0300
push
diff --git a/meta b/meta
index 453dbe4..c590fb2 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 2cca10d1496cfd37dd55138428d66f765dbeafbe
-Head: 7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
+Previous: 6ca4824de83c6cdffa405e64ca12e2ca7d5c044e
+Head: 03deacb6111e143a3cad124bf1aee0d111f3bb81
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -27,7 +27,7 @@ Applied:
wip-manual-document-mt-safety-resource.patch: bffba61b6f949ae966b8395e2285450fd747adae
wip-manual-document-mt-safety-string.patch: 618424dc72936ee238334d665063f1dd84a12715
wip-manual-document-mt-safety-terminal.patch: 7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
+ wip-manual-document-mt-safety-threads.patch: 03deacb6111e143a3cad124bf1aee0d111f3bb81
Unapplied:
- wip-manual-document-mt-safety-threads.patch: 49c5533ec879c99f89ad9a1ba58929a9739a1254
wip-manual-document-mt-safety-time.patch: 4022accc5d1f9f2ae322f8f76488286c694acd7b
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
index a8a9208..86850be 100644
--- a/patches/wip-manual-document-mt-safety-threads.patch
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -1,5 +1,5 @@
-Bottom: 9f340cd557aceda321c8ef9f6db21082e5dbdaee
-Top: 934314e9de7d53f206e47915ea85ef4798ee295a
+Bottom: da17c9be69e48d21ca52d734c608880653385a32
+Top: 1055542944ccec75d19150bda526177d2f245c5a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:14:35 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=03deacb6111e143a3cad124bf1aee0d111f3bb81
commit 03deacb6111e143a3cad124bf1aee0d111f3bb81
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:35 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6ca4824de83c6cdffa405e64ca12e2ca7d5c044e
commit 6ca4824de83c6cdffa405e64ca12e2ca7d5c044e
Merge: 9cd0acc 2cca10d 7bdeaf7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:34 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9cd0acc9a99c7672ab8a4eedc1b9af34c2683708
commit 9cd0acc9a99c7672ab8a4eedc1b9af34c2683708
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:34 2013 -0300
push
diff --git a/meta b/meta
index 35c9bb8..453dbe4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: dda771a556f201b9d0ffccaca415109ccc15a047
-Head: 618424dc72936ee238334d665063f1dd84a12715
+Previous: 2cca10d1496cfd37dd55138428d66f765dbeafbe
+Head: 7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -26,8 +26,8 @@ Applied:
wip-manual-document-mt-safety-search.patch: b62126da8228002a5ceb39f3a8f8fc1335f71b52
wip-manual-document-mt-safety-resource.patch: bffba61b6f949ae966b8395e2285450fd747adae
wip-manual-document-mt-safety-string.patch: 618424dc72936ee238334d665063f1dd84a12715
+ wip-manual-document-mt-safety-terminal.patch: 7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
Unapplied:
- wip-manual-document-mt-safety-terminal.patch: a9f83c82c1746276acceb4928131d8099c0caf6a
wip-manual-document-mt-safety-threads.patch: 49c5533ec879c99f89ad9a1ba58929a9739a1254
wip-manual-document-mt-safety-time.patch: 4022accc5d1f9f2ae322f8f76488286c694acd7b
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
index 09d43ed..77dcb9b 100644
--- a/patches/wip-manual-document-mt-safety-terminal.patch
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -1,5 +1,5 @@
-Bottom: 12b763b61e3c2dff9a990b8c3271a64b6febfd63
-Top: 9f340cd557aceda321c8ef9f6db21082e5dbdaee
+Bottom: 49462a8df64b7650a0f0439d8ebb0709f38313fb
+Top: da17c9be69e48d21ca52d734c608880653385a32
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:53 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
commit 7bdeaf7b03e2c3668857e0bd1506aff550d8d5a3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:53 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2cca10d1496cfd37dd55138428d66f765dbeafbe
commit 2cca10d1496cfd37dd55138428d66f765dbeafbe
Merge: 715e15a dda771a 618424d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:33 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=715e15aad732599ba684b018145e7ac130194323
commit 715e15aad732599ba684b018145e7ac130194323
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:33 2013 -0300
push
diff --git a/meta b/meta
index f6cc64e..35c9bb8 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 6bf09ff7800d73e6cd33a4d93004a9023f731dc0
-Head: bffba61b6f949ae966b8395e2285450fd747adae
+Previous: dda771a556f201b9d0ffccaca415109ccc15a047
+Head: 618424dc72936ee238334d665063f1dd84a12715
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -25,8 +25,8 @@ Applied:
wip-manual-document-mt-safety-startup.patch: 062ff84a7871423535c7c5f066d10e4090c7538b
wip-manual-document-mt-safety-search.patch: b62126da8228002a5ceb39f3a8f8fc1335f71b52
wip-manual-document-mt-safety-resource.patch: bffba61b6f949ae966b8395e2285450fd747adae
+ wip-manual-document-mt-safety-string.patch: 618424dc72936ee238334d665063f1dd84a12715
Unapplied:
- wip-manual-document-mt-safety-string.patch: 1b3406934ca4e3cb676972632387dd5862c26d57
wip-manual-document-mt-safety-terminal.patch: a9f83c82c1746276acceb4928131d8099c0caf6a
wip-manual-document-mt-safety-threads.patch: 49c5533ec879c99f89ad9a1ba58929a9739a1254
wip-manual-document-mt-safety-time.patch: 4022accc5d1f9f2ae322f8f76488286c694acd7b
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
index c2dd68c..3fee822 100644
--- a/patches/wip-manual-document-mt-safety-string.patch
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -1,5 +1,5 @@
-Bottom: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
-Top: 12b763b61e3c2dff9a990b8c3271a64b6febfd63
+Bottom: dd5da9bcdcb729b4272997ebdbf2d957a18c3919
+Top: 49462a8df64b7650a0f0439d8ebb0709f38313fb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:13:24 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=618424dc72936ee238334d665063f1dd84a12715
commit 618424dc72936ee238334d665063f1dd84a12715
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:24 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dda771a556f201b9d0ffccaca415109ccc15a047
commit dda771a556f201b9d0ffccaca415109ccc15a047
Merge: 9395746 6bf09ff bffba61
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:32 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=93957467a70cbb07091db9305c660192646c37f6
commit 93957467a70cbb07091db9305c660192646c37f6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:32 2013 -0300
push
diff --git a/meta b/meta
index 8ad2fec..f6cc64e 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 76bac2d3aff95109ec070609c061d068f345f872
-Head: b62126da8228002a5ceb39f3a8f8fc1335f71b52
+Previous: 6bf09ff7800d73e6cd33a4d93004a9023f731dc0
+Head: bffba61b6f949ae966b8395e2285450fd747adae
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -24,8 +24,8 @@ Applied:
wip-manual-document-mt-safety-math.patch: 56b87287256294aac20d87cc8fb9f6b7febbe014
wip-manual-document-mt-safety-startup.patch: 062ff84a7871423535c7c5f066d10e4090c7538b
wip-manual-document-mt-safety-search.patch: b62126da8228002a5ceb39f3a8f8fc1335f71b52
+ wip-manual-document-mt-safety-resource.patch: bffba61b6f949ae966b8395e2285450fd747adae
Unapplied:
- wip-manual-document-mt-safety-resource.patch: ce4ad52cc41d3ae34f10dc5fa29d2d4c2aa08a5c
wip-manual-document-mt-safety-string.patch: 1b3406934ca4e3cb676972632387dd5862c26d57
wip-manual-document-mt-safety-terminal.patch: a9f83c82c1746276acceb4928131d8099c0caf6a
wip-manual-document-mt-safety-threads.patch: 49c5533ec879c99f89ad9a1ba58929a9739a1254
diff --git a/patches/wip-manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
index 4b6d73f..274d546 100644
--- a/patches/wip-manual-document-mt-safety-resource.patch
+++ b/patches/wip-manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 4275437ac31826c5f18c9a5e4b30e85235c02761
-Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
+Bottom: f51668851ee51ff2a8b1071a4f7537fa90aa45f0
+Top: dd5da9bcdcb729b4272997ebdbf2d957a18c3919
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bffba61b6f949ae966b8395e2285450fd747adae
commit bffba61b6f949ae966b8395e2285450fd747adae
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6bf09ff7800d73e6cd33a4d93004a9023f731dc0
commit 6bf09ff7800d73e6cd33a4d93004a9023f731dc0
Merge: 30e5656 76bac2d b62126d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:31 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=30e5656bae5fa937caa508bb6d04ffd84e59afe2
commit 30e5656bae5fa937caa508bb6d04ffd84e59afe2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:31 2013 -0300
push
diff --git a/meta b/meta
index 3cfe21d..8ad2fec 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 5d4d522b68a597b9295d8fbabfbe708f3ee416dd
-Head: 062ff84a7871423535c7c5f066d10e4090c7538b
+Previous: 76bac2d3aff95109ec070609c061d068f345f872
+Head: b62126da8228002a5ceb39f3a8f8fc1335f71b52
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -23,8 +23,8 @@ Applied:
wip-manual-document-mt-safety-locale.patch: a7e2ad1ab8005398467e21a1903513ad72c3bb99
wip-manual-document-mt-safety-math.patch: 56b87287256294aac20d87cc8fb9f6b7febbe014
wip-manual-document-mt-safety-startup.patch: 062ff84a7871423535c7c5f066d10e4090c7538b
+ wip-manual-document-mt-safety-search.patch: b62126da8228002a5ceb39f3a8f8fc1335f71b52
Unapplied:
- wip-manual-document-mt-safety-search.patch: 75e6004e8dbc695b0cdc9b84249cf1b777fc30b5
wip-manual-document-mt-safety-resource.patch: ce4ad52cc41d3ae34f10dc5fa29d2d4c2aa08a5c
wip-manual-document-mt-safety-string.patch: 1b3406934ca4e3cb676972632387dd5862c26d57
wip-manual-document-mt-safety-terminal.patch: a9f83c82c1746276acceb4928131d8099c0caf6a
diff --git a/patches/wip-manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
index dfc7d5e..1f27ee4 100644
--- a/patches/wip-manual-document-mt-safety-search.patch
+++ b/patches/wip-manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: 9e26e65c6f5ad1ae860b4b03c429a90054cbb837
-Top: 4275437ac31826c5f18c9a5e4b30e85235c02761
+Bottom: bcdc447440fd97e86fb3c83635b1c5f6ef3011db
+Top: f51668851ee51ff2a8b1071a4f7537fa90aa45f0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b62126da8228002a5ceb39f3a8f8fc1335f71b52
commit b62126da8228002a5ceb39f3a8f8fc1335f71b52
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=76bac2d3aff95109ec070609c061d068f345f872
commit 76bac2d3aff95109ec070609c061d068f345f872
Merge: a43410a 5d4d522 062ff84
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:31 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a43410af92a9b5c8eb1b3add852ad8ce57bdff70
commit a43410af92a9b5c8eb1b3add852ad8ce57bdff70
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:31 2013 -0300
push
diff --git a/meta b/meta
index fab563c..3cfe21d 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 4f8bd859aa8ea04e484c884568c95714b760a431
-Head: 56b87287256294aac20d87cc8fb9f6b7febbe014
+Previous: 5d4d522b68a597b9295d8fbabfbe708f3ee416dd
+Head: 062ff84a7871423535c7c5f066d10e4090c7538b
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -22,8 +22,8 @@ Applied:
manual-document-mt-safety-stdio.patch: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
wip-manual-document-mt-safety-locale.patch: a7e2ad1ab8005398467e21a1903513ad72c3bb99
wip-manual-document-mt-safety-math.patch: 56b87287256294aac20d87cc8fb9f6b7febbe014
+ wip-manual-document-mt-safety-startup.patch: 062ff84a7871423535c7c5f066d10e4090c7538b
Unapplied:
- wip-manual-document-mt-safety-startup.patch: 3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
wip-manual-document-mt-safety-search.patch: 75e6004e8dbc695b0cdc9b84249cf1b777fc30b5
wip-manual-document-mt-safety-resource.patch: ce4ad52cc41d3ae34f10dc5fa29d2d4c2aa08a5c
wip-manual-document-mt-safety-string.patch: 1b3406934ca4e3cb676972632387dd5862c26d57
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 93b8b21..f3bfdad 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 34850c3fae2002c32308b3353855e2de0a18b4d3
-Top: 9e26e65c6f5ad1ae860b4b03c429a90054cbb837
+Bottom: 6fc14fb146cab43af0e1bda549c1bb507464c42d
+Top: bcdc447440fd97e86fb3c83635b1c5f6ef3011db
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=062ff84a7871423535c7c5f066d10e4090c7538b
commit 062ff84a7871423535c7c5f066d10e4090c7538b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5d4d522b68a597b9295d8fbabfbe708f3ee416dd
commit 5d4d522b68a597b9295d8fbabfbe708f3ee416dd
Merge: 9213fd5 4f8bd85 56b8728
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:30 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9213fd51ad214ae03727e1b1490eeec71ea0041d
commit 9213fd51ad214ae03727e1b1490eeec71ea0041d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:30 2013 -0300
push
diff --git a/meta b/meta
index 4e4f771..fab563c 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: c80d4db9267cd250c557ac1708878125a456db56
-Head: a7e2ad1ab8005398467e21a1903513ad72c3bb99
+Previous: 4f8bd859aa8ea04e484c884568c95714b760a431
+Head: 56b87287256294aac20d87cc8fb9f6b7febbe014
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -21,8 +21,8 @@ Applied:
manual-document-mt-safety-llio.patch: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
manual-document-mt-safety-stdio.patch: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
wip-manual-document-mt-safety-locale.patch: a7e2ad1ab8005398467e21a1903513ad72c3bb99
+ wip-manual-document-mt-safety-math.patch: 56b87287256294aac20d87cc8fb9f6b7febbe014
Unapplied:
- wip-manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
wip-manual-document-mt-safety-startup.patch: 3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
wip-manual-document-mt-safety-search.patch: 75e6004e8dbc695b0cdc9b84249cf1b777fc30b5
wip-manual-document-mt-safety-resource.patch: ce4ad52cc41d3ae34f10dc5fa29d2d4c2aa08a5c
diff --git a/patches/wip-manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
index 1477a1e..d65dda1 100644
--- a/patches/wip-manual-document-mt-safety-math.patch
+++ b/patches/wip-manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 9810f600dc88278307b0fb70f5a0bc3a128cac35
-Top: 34850c3fae2002c32308b3353855e2de0a18b4d3
+Bottom: 8b03cdaff12cf5536b0a91677ddb1a0ac1f9368e
+Top: 6fc14fb146cab43af0e1bda549c1bb507464c42d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=56b87287256294aac20d87cc8fb9f6b7febbe014
commit 56b87287256294aac20d87cc8fb9f6b7febbe014
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4f8bd859aa8ea04e484c884568c95714b760a431
commit 4f8bd859aa8ea04e484c884568c95714b760a431
Merge: 128da13 a7e2ad1 c80d4db
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:27 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=128da139d0c42cc18392024fdc8c2d0f449b51da
commit 128da139d0c42cc18392024fdc8c2d0f449b51da
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:27 2013 -0300
refresh
diff --git a/meta b/meta
index af0bab7..4e4f771 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 9c71bbfa5861775c9dcbfd52a2b0dffd88fc7c5e
-Head: 35eee9e8d5320718c1c0a525b3cd0f7739f0d427
+Previous: c80d4db9267cd250c557ac1708878125a456db56
+Head: a7e2ad1ab8005398467e21a1903513ad72c3bb99
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -20,8 +20,7 @@ Applied:
manual-document-mt-safety-lang.patch: b791ca7244516eba35200090ff65146015bbcf80
manual-document-mt-safety-llio.patch: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
manual-document-mt-safety-stdio.patch: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
- wip-manual-document-mt-safety-locale.patch: 87435eab512846c7999ee8bf7469e274a83555fe
- refresh-temp: 35eee9e8d5320718c1c0a525b3cd0f7739f0d427
+ wip-manual-document-mt-safety-locale.patch: a7e2ad1ab8005398467e21a1903513ad72c3bb99
Unapplied:
wip-manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
wip-manual-document-mt-safety-startup.patch: 3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 3fcd55a..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,22 +0,0 @@
-Bottom: 399ffe27a17cf7d3358a5588aa455450336867d1
-Top: 8b03cdaff12cf5536b0a91677ddb1a0ac1f9368e
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:38:27 -0300
-
-Refresh of wip-manual-document-mt-safety-locale.patch
-
----
-
-diff --git a/manual/locale.texi b/manual/locale.texi
-index da50d18..60e08d8 100644
---- a/manual/locale.texi
-+++ b/manual/locale.texi
-@@ -233,7 +233,7 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @c and free, and _nl_find_locale, which amount to all documented safety
- @c issues. It also calls new_composite_name, setdata, and setname,
- @c without any additional issues. _nl_find_locale calls getenv, ...
--This function returns a pointer read
-+@c This function returns a pointer read...
- The function @code{setlocale} sets the current locale for category
- @var{category} to @var{locale}. A list of all the locales the system
- provides can be created by running
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 3dfc7ca..2cf1838 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
Bottom: 530229eff374ce006c4c7f955d1d897e0a4056c6
-Top: 399ffe27a17cf7d3358a5588aa455450336867d1
+Top: 8b03cdaff12cf5536b0a91677ddb1a0ac1f9368e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/locale.texi b/manual/locale.texi
-index 2f10fcd..da50d18 100644
+index 2f10fcd..60e08d8 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@@ -29,7 +29,7 @@ index 2f10fcd..da50d18 100644
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
-+This function returns a pointer read
++@c This function returns a pointer read...
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c80d4db9267cd250c557ac1708878125a456db56
commit c80d4db9267cd250c557ac1708878125a456db56
Merge: 472509b 9c71bbf 35eee9e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:27 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=472509b5e1ba162e218857ef22fa50f4232ddea6
commit 472509b5e1ba162e218857ef22fa50f4232ddea6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:27 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 83bfe92..af0bab7 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 117f96a014f403b989798de6173188a404217e23
-Head: 87435eab512846c7999ee8bf7469e274a83555fe
+Previous: 9c71bbfa5861775c9dcbfd52a2b0dffd88fc7c5e
+Head: 35eee9e8d5320718c1c0a525b3cd0f7739f0d427
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -21,6 +21,7 @@ Applied:
manual-document-mt-safety-llio.patch: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
manual-document-mt-safety-stdio.patch: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
wip-manual-document-mt-safety-locale.patch: 87435eab512846c7999ee8bf7469e274a83555fe
+ refresh-temp: 35eee9e8d5320718c1c0a525b3cd0f7739f0d427
Unapplied:
wip-manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
wip-manual-document-mt-safety-startup.patch: 3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..3fcd55a
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,22 @@
+Bottom: 399ffe27a17cf7d3358a5588aa455450336867d1
+Top: 8b03cdaff12cf5536b0a91677ddb1a0ac1f9368e
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:38:27 -0300
+
+Refresh of wip-manual-document-mt-safety-locale.patch
+
+---
+
+diff --git a/manual/locale.texi b/manual/locale.texi
+index da50d18..60e08d8 100644
+--- a/manual/locale.texi
++++ b/manual/locale.texi
+@@ -233,7 +233,7 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @c and free, and _nl_find_locale, which amount to all documented safety
+ @c issues. It also calls new_composite_name, setdata, and setname,
+ @c without any additional issues. _nl_find_locale calls getenv, ...
+-This function returns a pointer read
++@c This function returns a pointer read...
+ The function @code{setlocale} sets the current locale for category
+ @var{category} to @var{locale}. A list of all the locales the system
+ provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=35eee9e8d5320718c1c0a525b3cd0f7739f0d427
commit 35eee9e8d5320718c1c0a525b3cd0f7739f0d427
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:38:27 2013 -0300
Refresh of wip-manual-document-mt-safety-locale.patch
diff --git a/manual/locale.texi b/manual/locale.texi
index da50d18..60e08d8 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -233,7 +233,7 @@ The symbols in this section are defined in the header file @file{locale.h}.
@c and free, and _nl_find_locale, which amount to all documented safety
@c issues. It also calls new_composite_name, setdata, and setname,
@c without any additional issues. _nl_find_locale calls getenv, ...
-This function returns a pointer read
+@c This function returns a pointer read...
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a7e2ad1ab8005398467e21a1903513ad72c3bb99
commit a7e2ad1ab8005398467e21a1903513ad72c3bb99
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..60e08d8 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+@c This function returns a pointer read...
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9c71bbfa5861775c9dcbfd52a2b0dffd88fc7c5e
commit 9c71bbfa5861775c9dcbfd52a2b0dffd88fc7c5e
Merge: 1a14ed1 117f96a 87435ea
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:26 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1a14ed12a61412dfdade038568d8f8765d31ff52
commit 1a14ed12a61412dfdade038568d8f8765d31ff52
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:26 2013 -0300
push
diff --git a/meta b/meta
index f13d651..83bfe92 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 039b5e411cd67063f2e119af1c56e349f170f4cf
-Head: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
+Previous: 117f96a014f403b989798de6173188a404217e23
+Head: 87435eab512846c7999ee8bf7469e274a83555fe
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -20,8 +20,8 @@ Applied:
manual-document-mt-safety-lang.patch: b791ca7244516eba35200090ff65146015bbcf80
manual-document-mt-safety-llio.patch: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
manual-document-mt-safety-stdio.patch: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
+ wip-manual-document-mt-safety-locale.patch: 87435eab512846c7999ee8bf7469e274a83555fe
Unapplied:
- wip-manual-document-mt-safety-locale.patch: 6c6c8ecacf987abc5dda5f02425179c9f9c5acde
wip-manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
wip-manual-document-mt-safety-startup.patch: 3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
wip-manual-document-mt-safety-search.patch: 75e6004e8dbc695b0cdc9b84249cf1b777fc30b5
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 3fe7a6a..3dfc7ca 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 1b3315652dde989dd535a1572985e5afdd6c5e99
-Top: 9810f600dc88278307b0fb70f5a0bc3a128cac35
+Bottom: 530229eff374ce006c4c7f955d1d897e0a4056c6
+Top: 399ffe27a17cf7d3358a5588aa455450336867d1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=87435eab512846c7999ee8bf7469e274a83555fe
commit 87435eab512846c7999ee8bf7469e274a83555fe
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=622b7f4fdcb3b1ade62c26693365f35a3a7a7031
commit 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=117f96a014f403b989798de6173188a404217e23
commit 117f96a014f403b989798de6173188a404217e23
Merge: 076cc66 039b5e4 622b7f4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:25 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=076cc66450c2311ca2f73682b21d6e88c1ca43ff
commit 076cc66450c2311ca2f73682b21d6e88c1ca43ff
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:25 2013 -0300
push
diff --git a/meta b/meta
index 423a8d6..f13d651 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 01b4ed4821c8fd161995206963f729f154dba7b4
-Head: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
+Previous: 039b5e411cd67063f2e119af1c56e349f170f4cf
+Head: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -19,8 +19,8 @@ Applied:
manual-document-mt-safety-job.patch: d2b8bf860b81e8e95130a2b397bd63d3ac29f6f5
manual-document-mt-safety-lang.patch: b791ca7244516eba35200090ff65146015bbcf80
manual-document-mt-safety-llio.patch: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
+ manual-document-mt-safety-stdio.patch: 622b7f4fdcb3b1ade62c26693365f35a3a7a7031
Unapplied:
- manual-document-mt-safety-stdio.patch: 0960f99a58ac496a2420e3d299e868f900662636
wip-manual-document-mt-safety-locale.patch: 6c6c8ecacf987abc5dda5f02425179c9f9c5acde
wip-manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
wip-manual-document-mt-safety-startup.patch: 3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 0de73f6..2534cf3 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
-Top: 1b3315652dde989dd535a1572985e5afdd6c5e99
+Bottom: 1c79556edf2fc8cdc5742a63361502af02f3a7f6
+Top: 530229eff374ce006c4c7f955d1d897e0a4056c6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=accb81f4e2f55ac6c8c0a9d8762668829bca23f8
commit accb81f4e2f55ac6c8c0a9d8762668829bca23f8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=039b5e411cd67063f2e119af1c56e349f170f4cf
commit 039b5e411cd67063f2e119af1c56e349f170f4cf
Merge: bbc438e 01b4ed4 accb81f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:24 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bbc438e08509e5fa1cc8c37dcc736102867ce763
commit bbc438e08509e5fa1cc8c37dcc736102867ce763
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:24 2013 -0300
push
diff --git a/meta b/meta
index d1a517e..423a8d6 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b698a1cb62c164162476e9ca5b2e8014b9e28a0f
-Head: b791ca7244516eba35200090ff65146015bbcf80
+Previous: 01b4ed4821c8fd161995206963f729f154dba7b4
+Head: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -18,8 +18,8 @@ Applied:
manual-document-mt-safety-libdl.patch: 3a6ba503d2949acb7fd0d23fbdaaf056bb0a819f
manual-document-mt-safety-job.patch: d2b8bf860b81e8e95130a2b397bd63d3ac29f6f5
manual-document-mt-safety-lang.patch: b791ca7244516eba35200090ff65146015bbcf80
+ manual-document-mt-safety-llio.patch: accb81f4e2f55ac6c8c0a9d8762668829bca23f8
Unapplied:
- manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-stdio.patch: 0960f99a58ac496a2420e3d299e868f900662636
wip-manual-document-mt-safety-locale.patch: 6c6c8ecacf987abc5dda5f02425179c9f9c5acde
wip-manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index 274aefd..ede6838 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
-Top: baf6738652c9240a7ea48273cff318ffb17716d8
+Bottom: e39567735e51df9a1cbd6f9b527ba0ebaebcbadb
+Top: 1c79556edf2fc8cdc5742a63361502af02f3a7f6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:09:32 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b791ca7244516eba35200090ff65146015bbcf80
commit b791ca7244516eba35200090ff65146015bbcf80
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=01b4ed4821c8fd161995206963f729f154dba7b4
commit 01b4ed4821c8fd161995206963f729f154dba7b4
Merge: 24ee441 b698a1c b791ca7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:23 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=24ee4411419f64016737dbf89dcb1d75f6df6aab
commit 24ee4411419f64016737dbf89dcb1d75f6df6aab
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:23 2013 -0300
push
diff --git a/meta b/meta
index e2c5c27..d1a517e 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: ea8c680babd2266f6826b2f043599f311baa1f9f
-Head: d2b8bf860b81e8e95130a2b397bd63d3ac29f6f5
+Previous: b698a1cb62c164162476e9ca5b2e8014b9e28a0f
+Head: b791ca7244516eba35200090ff65146015bbcf80
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -17,8 +17,8 @@ Applied:
manual-document-mt-safety-getopt.patch: f543b69a645a445a7b7484e4e4729387deb00d58
manual-document-mt-safety-libdl.patch: 3a6ba503d2949acb7fd0d23fbdaaf056bb0a819f
manual-document-mt-safety-job.patch: d2b8bf860b81e8e95130a2b397bd63d3ac29f6f5
+ manual-document-mt-safety-lang.patch: b791ca7244516eba35200090ff65146015bbcf80
Unapplied:
- manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-stdio.patch: 0960f99a58ac496a2420e3d299e868f900662636
wip-manual-document-mt-safety-locale.patch: 6c6c8ecacf987abc5dda5f02425179c9f9c5acde
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index 09d2cc9..93ad7bd 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,5 +1,5 @@
-Bottom: b58e76e4078fdee40947d68820e0f861f8cac2de
-Top: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
+Bottom: c6b12eb06e14c9c5162f6f8386fb00a68dff09e7
+Top: e39567735e51df9a1cbd6f9b527ba0ebaebcbadb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:32 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b698a1cb62c164162476e9ca5b2e8014b9e28a0f
commit b698a1cb62c164162476e9ca5b2e8014b9e28a0f
Merge: 3f73f18 ea8c680 d2b8bf8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:23 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3f73f189c4043b265e67f000e7a70ec7ef5bbbcd
commit 3f73f189c4043b265e67f000e7a70ec7ef5bbbcd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:23 2013 -0300
push
diff --git a/meta b/meta
index 41c97ed..e2c5c27 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: a93eed6f48d61323fe92247fc86da838ad4172f9
-Head: 3a6ba503d2949acb7fd0d23fbdaaf056bb0a819f
+Previous: ea8c680babd2266f6826b2f043599f311baa1f9f
+Head: d2b8bf860b81e8e95130a2b397bd63d3ac29f6f5
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -16,8 +16,8 @@ Applied:
manual-document-mt-safety-filesys.patch: 88f6858a8c928050ef2686d392ea593e05cfc34a
manual-document-mt-safety-getopt.patch: f543b69a645a445a7b7484e4e4729387deb00d58
manual-document-mt-safety-libdl.patch: 3a6ba503d2949acb7fd0d23fbdaaf056bb0a819f
+ manual-document-mt-safety-job.patch: d2b8bf860b81e8e95130a2b397bd63d3ac29f6f5
Unapplied:
- manual-document-mt-safety-job.patch: 57c129a7691ad66436b380272a24d356111b19bf
manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-stdio.patch: 0960f99a58ac496a2420e3d299e868f900662636
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index e6f679b..ce62710 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,5 +1,5 @@
-Bottom: 08a4456877254843d89c18fe88e4c0431857fcff
-Top: b58e76e4078fdee40947d68820e0f861f8cac2de
+Bottom: 2b93df95492ad4d1ceb8aa1d1cf8582c93b425b0
+Top: c6b12eb06e14c9c5162f6f8386fb00a68dff09e7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:15 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d2b8bf860b81e8e95130a2b397bd63d3ac29f6f5
commit d2b8bf860b81e8e95130a2b397bd63d3ac29f6f5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ea8c680babd2266f6826b2f043599f311baa1f9f
commit ea8c680babd2266f6826b2f043599f311baa1f9f
Merge: d3e4303 a93eed6 3a6ba50
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:22 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d3e430304b131011cea3a95b6a7e9946f6689af2
commit d3e430304b131011cea3a95b6a7e9946f6689af2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:22 2013 -0300
push
diff --git a/meta b/meta
index f5933c3..41c97ed 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b9765d52b038b1fdbfcfc48eee9147c715bac3ba
-Head: f543b69a645a445a7b7484e4e4729387deb00d58
+Previous: a93eed6f48d61323fe92247fc86da838ad4172f9
+Head: 3a6ba503d2949acb7fd0d23fbdaaf056bb0a819f
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -15,8 +15,8 @@ Applied:
manual-document-mt-safety-errno.patch: c809e22eb30fc43d15192d36963a8e19f7d65b0c
manual-document-mt-safety-filesys.patch: 88f6858a8c928050ef2686d392ea593e05cfc34a
manual-document-mt-safety-getopt.patch: f543b69a645a445a7b7484e4e4729387deb00d58
+ manual-document-mt-safety-libdl.patch: 3a6ba503d2949acb7fd0d23fbdaaf056bb0a819f
Unapplied:
- manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
manual-document-mt-safety-job.patch: 57c129a7691ad66436b380272a24d356111b19bf
manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index abfb497..96f67fc 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,5 +1,5 @@
-Bottom: 18760d732995b8379bc372377398a8fd58732762
-Top: 08a4456877254843d89c18fe88e4c0431857fcff
+Bottom: 7673305db24e0b03187acb8928ddfeca18980793
+Top: 2b93df95492ad4d1ceb8aa1d1cf8582c93b425b0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:59 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3a6ba503d2949acb7fd0d23fbdaaf056bb0a819f
commit 3a6ba503d2949acb7fd0d23fbdaaf056bb0a819f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a93eed6f48d61323fe92247fc86da838ad4172f9
commit a93eed6f48d61323fe92247fc86da838ad4172f9
Merge: 7ea26a0 b9765d5 f543b69
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:21 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7ea26a00bfd4dc3967722d3e5d10e247de9515af
commit 7ea26a00bfd4dc3967722d3e5d10e247de9515af
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:21 2013 -0300
push
diff --git a/meta b/meta
index f3dc0e0..f5933c3 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: f65d41328fcfd4d4becadcb876f6f728780a5534
-Head: 88f6858a8c928050ef2686d392ea593e05cfc34a
+Previous: b9765d52b038b1fdbfcfc48eee9147c715bac3ba
+Head: f543b69a645a445a7b7484e4e4729387deb00d58
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -14,8 +14,8 @@ Applied:
manual-document-mt-safety-debug.patch: 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
manual-document-mt-safety-errno.patch: c809e22eb30fc43d15192d36963a8e19f7d65b0c
manual-document-mt-safety-filesys.patch: 88f6858a8c928050ef2686d392ea593e05cfc34a
+ manual-document-mt-safety-getopt.patch: f543b69a645a445a7b7484e4e4729387deb00d58
Unapplied:
- manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
manual-document-mt-safety-job.patch: 57c129a7691ad66436b380272a24d356111b19bf
manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index 753c8f5..54c020d 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,5 +1,5 @@
-Bottom: c0467ea68e04c4b52c9c771dad681e1220291a6a
-Top: 18760d732995b8379bc372377398a8fd58732762
+Bottom: e32560bf251105655d134b5c41a9b8fdd9801d15
+Top: 7673305db24e0b03187acb8928ddfeca18980793
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:36 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f543b69a645a445a7b7484e4e4729387deb00d58
commit f543b69a645a445a7b7484e4e4729387deb00d58
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:36 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b9765d52b038b1fdbfcfc48eee9147c715bac3ba
commit b9765d52b038b1fdbfcfc48eee9147c715bac3ba
Merge: 8ed2f07 88f6858 f65d413
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:19 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8ed2f0753e68f562d692c76b5e108bd61a9aca28
commit 8ed2f0753e68f562d692c76b5e108bd61a9aca28
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:19 2013 -0300
refresh
diff --git a/meta b/meta
index 7d6904c..f3dc0e0 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 46b56b66a87e1cb898bb251259eda2d285f81f55
-Head: fe69b4d1428162d2b3d8a819a66b192ef427a329
+Previous: f65d41328fcfd4d4becadcb876f6f728780a5534
+Head: 88f6858a8c928050ef2686d392ea593e05cfc34a
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -13,8 +13,7 @@ Applied:
manual-document-mt-safety-ctype.patch: c67c0318158e4a31db772c98b8828e54db56693e
manual-document-mt-safety-debug.patch: 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
manual-document-mt-safety-errno.patch: c809e22eb30fc43d15192d36963a8e19f7d65b0c
- manual-document-mt-safety-filesys.patch: a9226edaf034632058b974acb03d3440eac70053
- refresh-temp: fe69b4d1428162d2b3d8a819a66b192ef427a329
+ manual-document-mt-safety-filesys.patch: 88f6858a8c928050ef2686d392ea593e05cfc34a
Unapplied:
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index a287465..5ffc492 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,5 +1,5 @@
Bottom: 94d2ef49874113afaf68e43004adb8da972729b9
-Top: ef75c87ba4586a879f503ee1b10a162b33a420e3
+Top: e32560bf251105655d134b5c41a9b8fdd9801d15
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:03 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/filesys.texi b/manual/filesys.texi
-index 1df9cf2..2244025 100644
+index 1df9cf2..47176cc 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@@ -292,7 +292,7 @@ index 1df9cf2..2244025 100644
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
-+@c find_object (tsearch) and add_object (tfind).
++@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 2506c0f..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,22 +0,0 @@
-Bottom: ef75c87ba4586a879f503ee1b10a162b33a420e3
-Top: e32560bf251105655d134b5c41a9b8fdd9801d15
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:37:18 -0300
-
-Refresh of manual-document-mt-safety-filesys.patch
-
----
-
-diff --git a/manual/filesys.texi b/manual/filesys.texi
-index 2244025..47176cc 100644
---- a/manual/filesys.texi
-+++ b/manual/filesys.texi
-@@ -1034,7 +1034,7 @@ transparently replaces the old implementation.
- @c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
- @c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
- @c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
--@c find_object (tsearch) and add_object (tfind).
-+@c find_object (tsearch) and add_object (tfind).
- @c Since each invocation of *ftw uses its own private search tree, none
- @c of the search tree concurrency issues apply.
- The @code{nftw} function works like the @code{ftw} functions. They call
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f65d41328fcfd4d4becadcb876f6f728780a5534
commit f65d41328fcfd4d4becadcb876f6f728780a5534
Merge: 16abc2e 46b56b6 fe69b4d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:18 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=16abc2e0ab1669be38ba2031daf5dd42ed208eef
commit 16abc2e0ab1669be38ba2031daf5dd42ed208eef
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:18 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 8a44063..7d6904c 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: ad0739404f1903efd7a41c839a8ac8c637046c1d
-Head: a9226edaf034632058b974acb03d3440eac70053
+Previous: 46b56b66a87e1cb898bb251259eda2d285f81f55
+Head: fe69b4d1428162d2b3d8a819a66b192ef427a329
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -14,6 +14,7 @@ Applied:
manual-document-mt-safety-debug.patch: 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
manual-document-mt-safety-errno.patch: c809e22eb30fc43d15192d36963a8e19f7d65b0c
manual-document-mt-safety-filesys.patch: a9226edaf034632058b974acb03d3440eac70053
+ refresh-temp: fe69b4d1428162d2b3d8a819a66b192ef427a329
Unapplied:
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..2506c0f
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,22 @@
+Bottom: ef75c87ba4586a879f503ee1b10a162b33a420e3
+Top: e32560bf251105655d134b5c41a9b8fdd9801d15
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:37:18 -0300
+
+Refresh of manual-document-mt-safety-filesys.patch
+
+---
+
+diff --git a/manual/filesys.texi b/manual/filesys.texi
+index 2244025..47176cc 100644
+--- a/manual/filesys.texi
++++ b/manual/filesys.texi
+@@ -1034,7 +1034,7 @@ transparently replaces the old implementation.
+ @c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+ @c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+ @c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+-@c find_object (tsearch) and add_object (tfind).
++@c find_object (tsearch) and add_object (tfind).
+ @c Since each invocation of *ftw uses its own private search tree, none
+ @c of the search tree concurrency issues apply.
+ The @code{nftw} function works like the @code{ftw} functions. They call
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fe69b4d1428162d2b3d8a819a66b192ef427a329
commit fe69b4d1428162d2b3d8a819a66b192ef427a329
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:18 2013 -0300
Refresh of manual-document-mt-safety-filesys.patch
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 2244025..47176cc 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -1034,7 +1034,7 @@ transparently replaces the old implementation.
@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
-@c find_object (tsearch) and add_object (tfind).
+@c find_object (tsearch) and add_object (tfind).
@c Since each invocation of *ftw uses its own private search tree, none
@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=88f6858a8c928050ef2686d392ea593e05cfc34a
commit 88f6858a8c928050ef2686d392ea593e05cfc34a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..47176cc 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=46b56b66a87e1cb898bb251259eda2d285f81f55
commit 46b56b66a87e1cb898bb251259eda2d285f81f55
Merge: c1491db ad07394 a9226ed
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:05 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c1491db817b576709534590538bcfed908ba8636
commit c1491db817b576709534590538bcfed908ba8636
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:05 2013 -0300
push
diff --git a/meta b/meta
index 203e67f..8a44063 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7b17963914895e7c6e841738568c70e6b1dad418
-Head: c809e22eb30fc43d15192d36963a8e19f7d65b0c
+Previous: ad0739404f1903efd7a41c839a8ac8c637046c1d
+Head: a9226edaf034632058b974acb03d3440eac70053
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -13,8 +13,8 @@ Applied:
manual-document-mt-safety-ctype.patch: c67c0318158e4a31db772c98b8828e54db56693e
manual-document-mt-safety-debug.patch: 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
manual-document-mt-safety-errno.patch: c809e22eb30fc43d15192d36963a8e19f7d65b0c
+ manual-document-mt-safety-filesys.patch: a9226edaf034632058b974acb03d3440eac70053
Unapplied:
- manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
manual-document-mt-safety-job.patch: 57c129a7691ad66436b380272a24d356111b19bf
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index 7b4e146..a287465 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,5 +1,5 @@
-Bottom: 50fd6f363b9af88ae1e05db55cefcd1e41c10123
-Top: c0467ea68e04c4b52c9c771dad681e1220291a6a
+Bottom: 94d2ef49874113afaf68e43004adb8da972729b9
+Top: ef75c87ba4586a879f503ee1b10a162b33a420e3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:03 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a9226edaf034632058b974acb03d3440eac70053
commit a9226edaf034632058b974acb03d3440eac70053
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..2244025 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c809e22eb30fc43d15192d36963a8e19f7d65b0c
commit c809e22eb30fc43d15192d36963a8e19f7d65b0c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:34 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ad0739404f1903efd7a41c839a8ac8c637046c1d
commit ad0739404f1903efd7a41c839a8ac8c637046c1d
Merge: cf53de7 7b17963 c809e22
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:04 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cf53de7d61a899ee849e2b4185f768a916184a35
commit cf53de7d61a899ee849e2b4185f768a916184a35
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:04 2013 -0300
push
diff --git a/meta b/meta
index 0095f76..203e67f 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: ff4b802a46c6ed82436bd4d9652222c18aa88b51
-Head: 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
+Previous: 7b17963914895e7c6e841738568c70e6b1dad418
+Head: c809e22eb30fc43d15192d36963a8e19f7d65b0c
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -12,8 +12,8 @@ Applied:
manual-document-mt-safety-crypt.patch: 93bce6450adbd4597a1a0d96bca4162b367a61c4
manual-document-mt-safety-ctype.patch: c67c0318158e4a31db772c98b8828e54db56693e
manual-document-mt-safety-debug.patch: 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
+ manual-document-mt-safety-errno.patch: c809e22eb30fc43d15192d36963a8e19f7d65b0c
Unapplied:
- manual-document-mt-safety-errno.patch: 4c83ae2974e8153950355eca983b33e13bad7490
manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
index 7b30386..67a101a 100644
--- a/patches/manual-document-mt-safety-errno.patch
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -1,5 +1,5 @@
-Bottom: 5add8b2d9a79567d15e402219a50ddf6704cdcea
-Top: 50fd6f363b9af88ae1e05db55cefcd1e41c10123
+Bottom: 548606bab4bd38fa36c7264f1e06dbd818e0a4d4
+Top: 94d2ef49874113afaf68e43004adb8da972729b9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:34 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
commit 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:11 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7b17963914895e7c6e841738568c70e6b1dad418
commit 7b17963914895e7c6e841738568c70e6b1dad418
Merge: 43a440e ff4b802 61349e0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:03 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=43a440e0d0fbf025378ed9aad5eed3d269781dbf
commit 43a440e0d0fbf025378ed9aad5eed3d269781dbf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:03 2013 -0300
push
diff --git a/meta b/meta
index bea7600..0095f76 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 90a7b8873b45a59d4ab0a1247cdaaae5d4ce9466
-Head: c67c0318158e4a31db772c98b8828e54db56693e
+Previous: ff4b802a46c6ed82436bd4d9652222c18aa88b51
+Head: 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -11,8 +11,8 @@ Applied:
manual-document-mt-safety-conf.patch: b2f06012824f907fd1cb35844c2e7a054ddf81f9
manual-document-mt-safety-crypt.patch: 93bce6450adbd4597a1a0d96bca4162b367a61c4
manual-document-mt-safety-ctype.patch: c67c0318158e4a31db772c98b8828e54db56693e
+ manual-document-mt-safety-debug.patch: 61349e0a2ebc1b1cb265b25c74ae39b2d5b85636
Unapplied:
- manual-document-mt-safety-debug.patch: 90470ebb84408d72de8a13806b2e84801fbcc026
manual-document-mt-safety-errno.patch: 4c83ae2974e8153950355eca983b33e13bad7490
manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
index 2063a20..9b0749d 100644
--- a/patches/manual-document-mt-safety-debug.patch
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -1,5 +1,5 @@
-Bottom: 1fe3a56b7e61d235687df61e4d4bded8e7283992
-Top: 5add8b2d9a79567d15e402219a50ddf6704cdcea
+Bottom: 3de021265ff25f1386d7a7c20b91b2a25d84120f
+Top: 548606bab4bd38fa36c7264f1e06dbd818e0a4d4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:11 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c67c0318158e4a31db772c98b8828e54db56693e
commit c67c0318158e4a31db772c98b8828e54db56693e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ff4b802a46c6ed82436bd4d9652222c18aa88b51
commit ff4b802a46c6ed82436bd4d9652222c18aa88b51
Merge: 6558fa6 90a7b88 c67c031
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:02 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6558fa65ae0022b261220c9136727dd174b01b3b
commit 6558fa65ae0022b261220c9136727dd174b01b3b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:02 2013 -0300
push
diff --git a/meta b/meta
index f3d91e6..bea7600 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 99a32f1e3010e8bbad037c1418ff9010c6bccbf2
-Head: 93bce6450adbd4597a1a0d96bca4162b367a61c4
+Previous: 90a7b8873b45a59d4ab0a1247cdaaae5d4ce9466
+Head: c67c0318158e4a31db772c98b8828e54db56693e
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -10,8 +10,8 @@ Applied:
manual-document-mt-safety-charset.patch: 9e121d9ec8c4633d64cc9744360fbeca9f156bf0
manual-document-mt-safety-conf.patch: b2f06012824f907fd1cb35844c2e7a054ddf81f9
manual-document-mt-safety-crypt.patch: 93bce6450adbd4597a1a0d96bca4162b367a61c4
+ manual-document-mt-safety-ctype.patch: c67c0318158e4a31db772c98b8828e54db56693e
Unapplied:
- manual-document-mt-safety-ctype.patch: 776df644b03f53de0e1d21d4b6e8df0fb287117e
manual-document-mt-safety-debug.patch: 90470ebb84408d72de8a13806b2e84801fbcc026
manual-document-mt-safety-errno.patch: 4c83ae2974e8153950355eca983b33e13bad7490
manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index 8700f8e..c5de015 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: 25551ef91682bea014db1b2031e4dad60a4ba129
-Top: 1fe3a56b7e61d235687df61e4d4bded8e7283992
+Bottom: f7704f5b20f5c9943d0105fa39bc7bb7ffcbb869
+Top: 3de021265ff25f1386d7a7c20b91b2a25d84120f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=93bce6450adbd4597a1a0d96bca4162b367a61c4
commit 93bce6450adbd4597a1a0d96bca4162b367a61c4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:47 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=90a7b8873b45a59d4ab0a1247cdaaae5d4ce9466
commit 90a7b8873b45a59d4ab0a1247cdaaae5d4ce9466
Merge: acd3a9a 99a32f1 93bce64
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:01 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=acd3a9a9fb2d00946518163380b31f4abbf04c0c
commit acd3a9a9fb2d00946518163380b31f4abbf04c0c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:01 2013 -0300
push
diff --git a/meta b/meta
index ac5bceb..f3d91e6 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 9eac7aed6d7204866334765380c9f4dcf4d27712
-Head: b2f06012824f907fd1cb35844c2e7a054ddf81f9
+Previous: 99a32f1e3010e8bbad037c1418ff9010c6bccbf2
+Head: 93bce6450adbd4597a1a0d96bca4162b367a61c4
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -9,8 +9,8 @@ Applied:
manual-document-mt-safety-arith.patch: 838c715e0d3f4c3674975edd26315e143cca1455
manual-document-mt-safety-charset.patch: 9e121d9ec8c4633d64cc9744360fbeca9f156bf0
manual-document-mt-safety-conf.patch: b2f06012824f907fd1cb35844c2e7a054ddf81f9
+ manual-document-mt-safety-crypt.patch: 93bce6450adbd4597a1a0d96bca4162b367a61c4
Unapplied:
- manual-document-mt-safety-crypt.patch: 06242cab8769046e2c3e9670de0b0e664f9624ef
manual-document-mt-safety-ctype.patch: 776df644b03f53de0e1d21d4b6e8df0fb287117e
manual-document-mt-safety-debug.patch: 90470ebb84408d72de8a13806b2e84801fbcc026
manual-document-mt-safety-errno.patch: 4c83ae2974e8153950355eca983b33e13bad7490
diff --git a/patches/manual-document-mt-safety-crypt.patch b/patches/manual-document-mt-safety-crypt.patch
index 20411b6..b799073 100644
--- a/patches/manual-document-mt-safety-crypt.patch
+++ b/patches/manual-document-mt-safety-crypt.patch
@@ -1,5 +1,5 @@
-Bottom: 621eb53ac8713123406be43ebd474132b7c6e4de
-Top: 25551ef91682bea014db1b2031e4dad60a4ba129
+Bottom: 45cccd4a47645a41bfaa6a90e93cd3906e8edfa6
+Top: f7704f5b20f5c9943d0105fa39bc7bb7ffcbb869
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:47 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b2f06012824f907fd1cb35844c2e7a054ddf81f9
commit b2f06012824f907fd1cb35844c2e7a054ddf81f9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:16 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/conf.texi: Document thread safety properties.
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=99a32f1e3010e8bbad037c1418ff9010c6bccbf2
commit 99a32f1e3010e8bbad037c1418ff9010c6bccbf2
Merge: b500f7d 9eac7ae b2f0601
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:00 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b500f7d93c0b4972c9ca8f81dc50fb6baa575be7
commit b500f7d93c0b4972c9ca8f81dc50fb6baa575be7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:37:00 2013 -0300
push
diff --git a/meta b/meta
index 5ba29aa..ac5bceb 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 349313a3dd747639c0add943ebcbfa40edc7b949
-Head: 9e121d9ec8c4633d64cc9744360fbeca9f156bf0
+Previous: 9eac7aed6d7204866334765380c9f4dcf4d27712
+Head: b2f06012824f907fd1cb35844c2e7a054ddf81f9
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
@@ -8,8 +8,8 @@ Applied:
manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
manual-document-mt-safety-arith.patch: 838c715e0d3f4c3674975edd26315e143cca1455
manual-document-mt-safety-charset.patch: 9e121d9ec8c4633d64cc9744360fbeca9f156bf0
+ manual-document-mt-safety-conf.patch: b2f06012824f907fd1cb35844c2e7a054ddf81f9
Unapplied:
- manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
manual-document-mt-safety-crypt.patch: 06242cab8769046e2c3e9670de0b0e664f9624ef
manual-document-mt-safety-ctype.patch: 776df644b03f53de0e1d21d4b6e8df0fb287117e
manual-document-mt-safety-debug.patch: 90470ebb84408d72de8a13806b2e84801fbcc026
diff --git a/patches/manual-document-mt-safety-conf.patch b/patches/manual-document-mt-safety-conf.patch
index 0db760e..ad74927 100644
--- a/patches/manual-document-mt-safety-conf.patch
+++ b/patches/manual-document-mt-safety-conf.patch
@@ -1,5 +1,5 @@
-Bottom: 0ed3cc03efad5a94ba0a48cd696ec823658ac35b
-Top: 621eb53ac8713123406be43ebd474132b7c6e4de
+Bottom: 635dade8c2d466563bdeba84575ccfd57214e37e
+Top: 45cccd4a47645a41bfaa6a90e93cd3906e8edfa6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:16 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9e121d9ec8c4633d64cc9744360fbeca9f156bf0
commit 9e121d9ec8c4633d64cc9744360fbeca9f156bf0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9eac7aed6d7204866334765380c9f4dcf4d27712
commit 9eac7aed6d7204866334765380c9f4dcf4d27712
Merge: e0dcb1a 349313a 9e121d9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:59 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e0dcb1ab9cc1f8e1eb49fd1046cdbd0bf19ab1d1
commit e0dcb1ab9cc1f8e1eb49fd1046cdbd0bf19ab1d1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:59 2013 -0300
push
diff --git a/meta b/meta
index 0d54dab..5ba29aa 100644
--- a/meta
+++ b/meta
@@ -1,14 +1,14 @@
Version: 1
-Previous: 5db9fbe9041fbed617eb79c77493ef6f1625e290
-Head: 838c715e0d3f4c3674975edd26315e143cca1455
+Previous: 349313a3dd747639c0add943ebcbfa40edc7b949
+Head: 9e121d9ec8c4633d64cc9744360fbeca9f156bf0
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
manual-document-mt-safety-arith.patch: 838c715e0d3f4c3674975edd26315e143cca1455
+ manual-document-mt-safety-charset.patch: 9e121d9ec8c4633d64cc9744360fbeca9f156bf0
Unapplied:
- manual-document-mt-safety-charset.patch: 32e6dfea09eccf189affbee43bff67b4989ada90
manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
manual-document-mt-safety-crypt.patch: 06242cab8769046e2c3e9670de0b0e664f9624ef
manual-document-mt-safety-ctype.patch: 776df644b03f53de0e1d21d4b6e8df0fb287117e
diff --git a/patches/manual-document-mt-safety-charset.patch b/patches/manual-document-mt-safety-charset.patch
index 6935950..45a1643 100644
--- a/patches/manual-document-mt-safety-charset.patch
+++ b/patches/manual-document-mt-safety-charset.patch
@@ -1,5 +1,5 @@
-Bottom: 802ed278ee78a71e6694780a51b4b82573651127
-Top: 8630788acc532aafc6569e76eaf6a0ce2bd4583e
+Bottom: 20fd58920c13f96b1451eda75458a9c942d2094e
+Top: 635dade8c2d466563bdeba84575ccfd57214e37e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:01:33 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=349313a3dd747639c0add943ebcbfa40edc7b949
commit 349313a3dd747639c0add943ebcbfa40edc7b949
Merge: eca6f0b 838c715 5db9fbe
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:34 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=eca6f0b9acfe5fc1ad8e178cc3ae02385b761874
commit eca6f0b9acfe5fc1ad8e178cc3ae02385b761874
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:34 2013 -0300
refresh
diff --git a/meta b/meta
index f71e2d2..0d54dab 100644
--- a/meta
+++ b/meta
@@ -1,13 +1,12 @@
Version: 1
-Previous: 2d0bbd85e67e716b0c9f09a1ab44ff77d6616803
-Head: 831663a122760bc287ae8012fad51497619b234e
+Previous: 5db9fbe9041fbed617eb79c77493ef6f1625e290
+Head: 838c715e0d3f4c3674975edd26315e143cca1455
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
- manual-document-mt-safety-arith.patch: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
- refresh-temp: 831663a122760bc287ae8012fad51497619b234e
+ manual-document-mt-safety-arith.patch: 838c715e0d3f4c3674975edd26315e143cca1455
Unapplied:
manual-document-mt-safety-charset.patch: 32e6dfea09eccf189affbee43bff67b4989ada90
manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index b23a7d8..9eca6bc 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
Bottom: 3b3317dffdd8fb0b673f39fa8b5d3c6443f8fc0b
-Top: 802ed278ee78a71e6694780a51b4b82573651127
+Top: 20fd58920c13f96b1451eda75458a9c942d2094e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/arith.texi b/manual/arith.texi
-index 77056c3..5c3aa9d 100644
+index 77056c3..c0cd350 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@@ -826,7 +826,7 @@ index 77056c3..5c3aa9d 100644
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
-+@c args_value if it's too large, but gcvt never exercises this path.
++@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 0b98566..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,22 +0,0 @@
-Bottom: 802ed278ee78a71e6694780a51b4b82573651127
-Top: 20fd58920c13f96b1451eda75458a9c942d2094e
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:36:33 -0300
-
-Refresh of manual-document-mt-safety-arith.patch
-
----
-
-diff --git a/manual/arith.texi b/manual/arith.texi
-index 5c3aa9d..c0cd350 100644
---- a/manual/arith.texi
-+++ b/manual/arith.texi
-@@ -2666,7 +2666,7 @@ to @code{fcvt}.
- @deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
- @safety{@mtsafe{}@assafe{}@acsafe{}}
- @c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
--@c args_value if it's too large, but gcvt never exercises this path.
-+@c args_value if it's too large, but gcvt never exercises this path.
- @code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
- ndigit, value}. It is provided only for compatibility's sake. It
- returns @var{buf}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5db9fbe9041fbed617eb79c77493ef6f1625e290
commit 5db9fbe9041fbed617eb79c77493ef6f1625e290
Merge: 8e47328 2d0bbd8 831663a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:33 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8e4732834ba216f49979c7e122c6231a2deb8fcc
commit 8e4732834ba216f49979c7e122c6231a2deb8fcc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:33 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index dc8bfd3..f71e2d2 100644
--- a/meta
+++ b/meta
@@ -1,12 +1,13 @@
Version: 1
-Previous: d6234b156e44d866fb19cd4513e613642ffa7346
-Head: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
+Previous: 2d0bbd85e67e716b0c9f09a1ab44ff77d6616803
+Head: 831663a122760bc287ae8012fad51497619b234e
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
manual-document-mt-safety-arith.patch: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
+ refresh-temp: 831663a122760bc287ae8012fad51497619b234e
Unapplied:
manual-document-mt-safety-charset.patch: 32e6dfea09eccf189affbee43bff67b4989ada90
manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..0b98566
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,22 @@
+Bottom: 802ed278ee78a71e6694780a51b4b82573651127
+Top: 20fd58920c13f96b1451eda75458a9c942d2094e
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:36:33 -0300
+
+Refresh of manual-document-mt-safety-arith.patch
+
+---
+
+diff --git a/manual/arith.texi b/manual/arith.texi
+index 5c3aa9d..c0cd350 100644
+--- a/manual/arith.texi
++++ b/manual/arith.texi
+@@ -2666,7 +2666,7 @@ to @code{fcvt}.
+ @deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+ @safety{@mtsafe{}@assafe{}@acsafe{}}
+ @c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+-@c args_value if it's too large, but gcvt never exercises this path.
++@c args_value if it's too large, but gcvt never exercises this path.
+ @code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
+ ndigit, value}. It is provided only for compatibility's sake. It
+ returns @var{buf}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=831663a122760bc287ae8012fad51497619b234e
commit 831663a122760bc287ae8012fad51497619b234e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:33 2013 -0300
Refresh of manual-document-mt-safety-arith.patch
diff --git a/manual/arith.texi b/manual/arith.texi
index 5c3aa9d..c0cd350 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -2666,7 +2666,7 @@ to @code{fcvt}.
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
@safety{@mtsafe{}@assafe{}@acsafe{}}
@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
-@c args_value if it's too large, but gcvt never exercises this path.
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2d0bbd85e67e716b0c9f09a1ab44ff77d6616803
commit 2d0bbd85e67e716b0c9f09a1ab44ff77d6616803
Merge: a27b834 d6234b1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:18 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a27b8346429ac4f2e2146550fdcf07ce8af508e2
commit a27b8346429ac4f2e2146550fdcf07ce8af508e2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:18 2013 -0300
pop
diff --git a/meta b/meta
index b913e04..dc8bfd3 100644
--- a/meta
+++ b/meta
@@ -1,14 +1,14 @@
Version: 1
-Previous: b8d90ae0c166b84615d28e15bd49b148198e775d
-Head: 32e6dfea09eccf189affbee43bff67b4989ada90
+Previous: d6234b156e44d866fb19cd4513e613642ffa7346
+Head: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
manual-document-mt-safety-arith.patch: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
- manual-document-mt-safety-charset.patch: 32e6dfea09eccf189affbee43bff67b4989ada90
Unapplied:
+ manual-document-mt-safety-charset.patch: 32e6dfea09eccf189affbee43bff67b4989ada90
manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
manual-document-mt-safety-crypt.patch: 06242cab8769046e2c3e9670de0b0e664f9624ef
manual-document-mt-safety-ctype.patch: 776df644b03f53de0e1d21d4b6e8df0fb287117e
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d6234b156e44d866fb19cd4513e613642ffa7346
commit d6234b156e44d866fb19cd4513e613642ffa7346
Merge: 075391f b8d90ae 32e6dfe
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:10 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=075391fa607ad0bd3fcd3ec58620a879d06b96c0
commit 075391fa607ad0bd3fcd3ec58620a879d06b96c0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:36:10 2013 -0300
push
diff --git a/meta b/meta
index 92bad98..b913e04 100644
--- a/meta
+++ b/meta
@@ -1,14 +1,14 @@
Version: 1
-Previous: 68df847c7cd75361a07d4b7603ff1c35408a0863
-Head: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
+Previous: b8d90ae0c166b84615d28e15bd49b148198e775d
+Head: 32e6dfea09eccf189affbee43bff67b4989ada90
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
manual-document-mt-safety-arith.patch: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
+ manual-document-mt-safety-charset.patch: 32e6dfea09eccf189affbee43bff67b4989ada90
Unapplied:
- manual-document-mt-safety-charset.patch: 2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
manual-document-mt-safety-crypt.patch: 06242cab8769046e2c3e9670de0b0e664f9624ef
manual-document-mt-safety-ctype.patch: 776df644b03f53de0e1d21d4b6e8df0fb287117e
diff --git a/patches/manual-document-mt-safety-charset.patch b/patches/manual-document-mt-safety-charset.patch
index c4d22ae..6935950 100644
--- a/patches/manual-document-mt-safety-charset.patch
+++ b/patches/manual-document-mt-safety-charset.patch
@@ -1,5 +1,5 @@
-Bottom: 260809414e54f35864ab54b52fdbff3517f05f2e
-Top: 0ed3cc03efad5a94ba0a48cd696ec823658ac35b
+Bottom: 802ed278ee78a71e6694780a51b4b82573651127
+Top: 8630788acc532aafc6569e76eaf6a0ce2bd4583e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:01:33 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=32e6dfea09eccf189affbee43bff67b4989ada90
commit 32e6dfea09eccf189affbee43bff67b4989ada90
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=838c715e0d3f4c3674975edd26315e143cca1455
commit 838c715e0d3f4c3674975edd26315e143cca1455
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..c0cd350 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a751af8cdebb9eae59c0c48ce3d4b79d692b3026
commit a751af8cdebb9eae59c0c48ce3d4b79d692b3026
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b8d90ae0c166b84615d28e15bd49b148198e775d
commit b8d90ae0c166b84615d28e15bd49b148198e775d
Merge: c0ac9fb 68df847 a751af8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:55 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c0ac9fb6fa72b5e0bdc0efed5c601d389c5f38d4
commit c0ac9fb6fa72b5e0bdc0efed5c601d389c5f38d4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:55 2013 -0300
push
diff --git a/meta b/meta
index 4948513..92bad98 100644
--- a/meta
+++ b/meta
@@ -1,13 +1,13 @@
Version: 1
-Previous: 4777c890ea3feef7118158898c52d558e960eb56
-Head: 3d307972daeb49e5b5bed74887140e9d5bcb58de
+Previous: 68df847c7cd75361a07d4b7603ff1c35408a0863
+Head: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
+ manual-document-mt-safety-arith.patch: a751af8cdebb9eae59c0c48ce3d4b79d692b3026
Unapplied:
- manual-document-mt-safety-arith.patch: f4268118ff7169b7016697e2344525b93dd6be01
manual-document-mt-safety-charset.patch: 2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
manual-document-mt-safety-crypt.patch: 06242cab8769046e2c3e9670de0b0e664f9624ef
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 49b1456..b23a7d8 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
-Bottom: 206cd625e1e8e8dc3e141cdd29c90772cf35e923
-Top: 260809414e54f35864ab54b52fdbff3517f05f2e
+Bottom: 3b3317dffdd8fb0b673f39fa8b5d3c6443f8fc0b
+Top: 802ed278ee78a71e6694780a51b4b82573651127
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=68df847c7cd75361a07d4b7603ff1c35408a0863
commit 68df847c7cd75361a07d4b7603ff1c35408a0863
Merge: 76c1cae 3d30797 4777c89
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:47 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=76c1caed2a8eadde4ca1116e2a7ce75c566c67cd
commit 76c1caed2a8eadde4ca1116e2a7ce75c566c67cd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:47 2013 -0300
refresh
diff --git a/meta b/meta
index 4734cac..4948513 100644
--- a/meta
+++ b/meta
@@ -1,12 +1,11 @@
Version: 1
-Previous: deb22b5c421ce209fd4213dffe23b9ba6f03fd80
-Head: 9895792647585fff29af719a760be76b9bf6f1ca
+Previous: 4777c890ea3feef7118158898c52d558e960eb56
+Head: 3d307972daeb49e5b5bed74887140e9d5bcb58de
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
- manual-document-mt-safety-argp.patch: a1791992633c9fa1862a3073f1396b1b2984430f
- refresh-temp: 9895792647585fff29af719a760be76b9bf6f1ca
+ manual-document-mt-safety-argp.patch: 3d307972daeb49e5b5bed74887140e9d5bcb58de
Unapplied:
manual-document-mt-safety-arith.patch: f4268118ff7169b7016697e2344525b93dd6be01
manual-document-mt-safety-charset.patch: 2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 87d4389..0357d25 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,5 +1,5 @@
Bottom: 342d93cedbc3899d97eb6abb3179c639ca189041
-Top: b0125a9bbb94b5659c715bf142ffbfd4f81ce170
+Top: 3b3317dffdd8fb0b673f39fa8b5d3c6443f8fc0b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 21:57:08 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/argp.texi b/manual/argp.texi
-index c9fbe97..5322f91 100644
+index c9fbe97..22e7b9e 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@@ -235,7 +235,7 @@ index c9fbe97..5322f91 100644
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
-+@c Just calls _help.
++@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 2905a68..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,22 +0,0 @@
-Bottom: b0125a9bbb94b5659c715bf142ffbfd4f81ce170
-Top: 3b3317dffdd8fb0b673f39fa8b5d3c6443f8fc0b
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:35:47 -0300
-
-Refresh of manual-document-mt-safety-argp.patch
-
----
-
-diff --git a/manual/argp.texi b/manual/argp.texi
-index 5322f91..22e7b9e 100644
---- a/manual/argp.texi
-+++ b/manual/argp.texi
-@@ -1108,7 +1108,7 @@ program options, argp offers the @code{argp_help} interface.
- @comment GNU
- @deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
- @safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
--@c Just calls _help.
-+@c Just calls _help.
- This outputs a help message for the argp parser @var{argp} to
- @var{stream}. The type of messages printed will be determined by
- @var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4777c890ea3feef7118158898c52d558e960eb56
commit 4777c890ea3feef7118158898c52d558e960eb56
Merge: bb1b10c deb22b5 9895792
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:47 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bb1b10cfcd667f08e3f535b221540a4da4a9eb06
commit bb1b10cfcd667f08e3f535b221540a4da4a9eb06
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:47 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 618ca46..4734cac 100644
--- a/meta
+++ b/meta
@@ -1,11 +1,12 @@
Version: 1
-Previous: 122aa56ad2927c13e7dff9bbd7eb1dca3dfb7b95
-Head: a1791992633c9fa1862a3073f1396b1b2984430f
+Previous: deb22b5c421ce209fd4213dffe23b9ba6f03fd80
+Head: 9895792647585fff29af719a760be76b9bf6f1ca
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
manual-document-mt-safety-argp.patch: a1791992633c9fa1862a3073f1396b1b2984430f
+ refresh-temp: 9895792647585fff29af719a760be76b9bf6f1ca
Unapplied:
manual-document-mt-safety-arith.patch: f4268118ff7169b7016697e2344525b93dd6be01
manual-document-mt-safety-charset.patch: 2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..2905a68
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,22 @@
+Bottom: b0125a9bbb94b5659c715bf142ffbfd4f81ce170
+Top: 3b3317dffdd8fb0b673f39fa8b5d3c6443f8fc0b
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:35:47 -0300
+
+Refresh of manual-document-mt-safety-argp.patch
+
+---
+
+diff --git a/manual/argp.texi b/manual/argp.texi
+index 5322f91..22e7b9e 100644
+--- a/manual/argp.texi
++++ b/manual/argp.texi
+@@ -1108,7 +1108,7 @@ program options, argp offers the @code{argp_help} interface.
+ @comment GNU
+ @deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+ @safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+-@c Just calls _help.
++@c Just calls _help.
+ This outputs a help message for the argp parser @var{argp} to
+ @var{stream}. The type of messages printed will be determined by
+ @var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9895792647585fff29af719a760be76b9bf6f1ca
commit 9895792647585fff29af719a760be76b9bf6f1ca
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:47 2013 -0300
Refresh of manual-document-mt-safety-argp.patch
diff --git a/manual/argp.texi b/manual/argp.texi
index 5322f91..22e7b9e 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -1108,7 +1108,7 @@ program options, argp offers the @code{argp_help} interface.
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
-@c Just calls _help.
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3d307972daeb49e5b5bed74887140e9d5bcb58de
commit 3d307972daeb49e5b5bed74887140e9d5bcb58de
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..22e7b9e 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=deb22b5c421ce209fd4213dffe23b9ba6f03fd80
commit deb22b5c421ce209fd4213dffe23b9ba6f03fd80
Merge: 8200372 122aa56 a179199
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:25 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8200372a98931eb89aff47b2169097a5b241213c
commit 8200372a98931eb89aff47b2169097a5b241213c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:25 2013 -0300
push
diff --git a/meta b/meta
index aad55e1..618ca46 100644
--- a/meta
+++ b/meta
@@ -1,12 +1,12 @@
Version: 1
-Previous: 449608a0e1f9f7031456901831cf276d4a3ce2a8
-Head: 3be99ad69c588de34f357cdfc3e293046eb30b58
+Previous: 122aa56ad2927c13e7dff9bbd7eb1dca3dfb7b95
+Head: a1791992633c9fa1862a3073f1396b1b2984430f
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
+ manual-document-mt-safety-argp.patch: a1791992633c9fa1862a3073f1396b1b2984430f
Unapplied:
- manual-document-mt-safety-argp.patch: 5604d817c0a7feccf5aa0dfa7cb2d583d86ec65f
manual-document-mt-safety-arith.patch: f4268118ff7169b7016697e2344525b93dd6be01
manual-document-mt-safety-charset.patch: 2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 914e844..87d4389 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,5 +1,5 @@
-Bottom: 6ef173fc60a9c842433354081fa0216e4430c1b8
-Top: 206cd625e1e8e8dc3e141cdd29c90772cf35e923
+Bottom: 342d93cedbc3899d97eb6abb3179c639ca189041
+Top: b0125a9bbb94b5659c715bf142ffbfd4f81ce170
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 21:57:08 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a1791992633c9fa1862a3073f1396b1b2984430f
commit a1791992633c9fa1862a3073f1396b1b2984430f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3be99ad69c588de34f357cdfc3e293046eb30b58
commit 3be99ad69c588de34f357cdfc3e293046eb30b58
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=122aa56ad2927c13e7dff9bbd7eb1dca3dfb7b95
commit 122aa56ad2927c13e7dff9bbd7eb1dca3dfb7b95
Merge: e9ca6ad 3be99ad 449608a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:22 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e9ca6ada5272e6d8019d75aa14d6dd366664bc7e
commit e9ca6ada5272e6d8019d75aa14d6dd366664bc7e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:22 2013 -0300
push
diff --git a/meta b/meta
index 9c77b8c..aad55e1 100644
--- a/meta
+++ b/meta
@@ -1,11 +1,11 @@
Version: 1
-Previous: 42cee9342d540a15dbfa24ac93b6c76eccfd1d84
-Head: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
+Previous: 449608a0e1f9f7031456901831cf276d4a3ce2a8
+Head: 3be99ad69c588de34f357cdfc3e293046eb30b58
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
+ unused-scalb-is-scalbn.patch: 3be99ad69c588de34f357cdfc3e293046eb30b58
Unapplied:
- unused-scalb-is-scalbn.patch: b290d7167651106f65de65171d52b70c6188329a
manual-document-mt-safety-argp.patch: 5604d817c0a7feccf5aa0dfa7cb2d583d86ec65f
manual-document-mt-safety-arith.patch: f4268118ff7169b7016697e2344525b93dd6be01
manual-document-mt-safety-charset.patch: 2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index 0fa4208..9b24c12 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,5 +1,5 @@
-Bottom: a8bc26b023f2d43016f043a1972e12edc1f31f8d
-Top: 6ef173fc60a9c842433354081fa0216e4430c1b8
+Bottom: 315c23de417a6094ebe3c8259abcf7f190d93198
+Top: 342d93cedbc3899d97eb6abb3179c639ca189041
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=449608a0e1f9f7031456901831cf276d4a3ce2a8
commit 449608a0e1f9f7031456901831cf276d4a3ce2a8
Merge: b15ced9 42cee93 3071086
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:19 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b15ced979aeb1902b1bf2b385b09c9b14e268b0a
commit b15ced979aeb1902b1bf2b385b09c9b14e268b0a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:19 2013 -0300
push
diff --git a/meta b/meta
index 0b616e0..9c77b8c 100644
--- a/meta
+++ b/meta
@@ -1,10 +1,10 @@
Version: 1
-Previous: 338717da7600a142fbc4fc1ecf9c32877a34d3ac
-Head: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
+Previous: 42cee9342d540a15dbfa24ac93b6c76eccfd1d84
+Head: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
Applied:
manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
+ powerpc-nofpu-sim-note-nothread.patch: 30710868f55ce7574b12ed319bf2a1c3dc0a3744
Unapplied:
- powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
unused-scalb-is-scalbn.patch: b290d7167651106f65de65171d52b70c6188329a
manual-document-mt-safety-argp.patch: 5604d817c0a7feccf5aa0dfa7cb2d583d86ec65f
manual-document-mt-safety-arith.patch: f4268118ff7169b7016697e2344525b93dd6be01
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
index 7f2c050..c413ed2 100644
--- a/patches/powerpc-nofpu-sim-note-nothread.patch
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -1,5 +1,5 @@
-Bottom: c59759fbdfb422ada848ebdd3845677059986449
-Top: a8bc26b023f2d43016f043a1972e12edc1f31f8d
+Bottom: 465695c41ceed4d41aaebf0e135b8f1123912988
+Top: 315c23de417a6094ebe3c8259abcf7f190d93198
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=30710868f55ce7574b12ed319bf2a1c3dc0a3744
commit 30710868f55ce7574b12ed319bf2a1c3dc0a3744
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
for ports/ChangeLog.powerpc
PR 15483
* sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
the need for thread-specific variables preserved across signal
handlers.
* sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
* sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
index fc061d0..e167033 100644
--- a/ports/sysdeps/powerpc/nofpu/sim-full.c
+++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
@@ -21,6 +21,11 @@
#include "soft-fp.h"
#include "soft-supp.h"
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
/* Global to store sticky exceptions. */
int __sim_exceptions __attribute__ ((nocommon));
libc_hidden_data_def (__sim_exceptions);
diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
index b9638bb..64a3d2a 100644
--- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
+++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
@@ -26,6 +26,11 @@ typedef union
} fenv_union_t;
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
index c2a190e..508d869 100644
--- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
@@ -54,6 +54,11 @@
#define FP_ROUNDMODE __sim_round_mode
#define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=42cee9342d540a15dbfa24ac93b6c76eccfd1d84
commit 42cee9342d540a15dbfa24ac93b6c76eccfd1d84
Merge: dcb29f3 338717d 2bd5708
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:08 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dcb29f3c9f41f40763018ac5dc1c679450627f8a
commit dcb29f3c9f41f40763018ac5dc1c679450627f8a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:08 2013 -0300
refresh
diff --git a/meta b/meta
index 3c9d198..0b616e0 100644
--- a/meta
+++ b/meta
@@ -1,9 +1,8 @@
Version: 1
-Previous: cfbf181420a12a4809c4e059a4ae7cac3012f978
-Head: fcaa52d9d38062d5371a9b3fda4bf3a7c6bd69ed
+Previous: 338717da7600a142fbc4fc1ecf9c32877a34d3ac
+Head: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
Applied:
- manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
- refresh-temp: fcaa52d9d38062d5371a9b3fda4bf3a7c6bd69ed
+ manual-document-mt-safety.patch: 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
Unapplied:
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
unused-scalb-is-scalbn.patch: b290d7167651106f65de65171d52b70c6188329a
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index e164c49..94acf09 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,5 +1,5 @@
Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
-Top: c59759fbdfb422ada848ebdd3845677059986449
+Top: 465695c41ceed4d41aaebf0e135b8f1123912988
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
@@ -15,7 +15,7 @@ for ChangeLog
---
diff --git a/manual/intro.texi b/manual/intro.texi
-index deaf089..e47832c 100644
+index deaf089..07f27c9 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,411 @@ pattern matching facilities (@pxref{Pattern Matching}).
@@ -32,12 +32,12 @@ index deaf089..e47832c 100644
+
+@itemize @bullet
+
-+@item
++@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
-+@item
++@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
@@ -47,7 +47,7 @@ index deaf089..e47832c 100644
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
-+@item
++@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
@@ -213,7 +213,7 @@ index deaf089..e47832c 100644
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
-+destructively.
++destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
@@ -239,7 +239,7 @@ index deaf089..e47832c 100644
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
-+lock.
++lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 37b1c5c..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,55 +0,0 @@
-Bottom: c59759fbdfb422ada848ebdd3845677059986449
-Top: 465695c41ceed4d41aaebf0e135b8f1123912988
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:35:08 -0300
-
-Refresh of manual-document-mt-safety.patch
-
----
-
-diff --git a/manual/intro.texi b/manual/intro.texi
-index e47832c..07f27c9 100644
---- a/manual/intro.texi
-+++ b/manual/intro.texi
-@@ -182,12 +182,12 @@ the meaning of the standard definitions, follow:
-
- @itemize @bullet
-
--@item
-+@item
- @cindex MT-Safe
- MT-Safe functions are safe to call in the presence of other threads. MT
- stands for Multi Thread.
-
--@item
-+@item
- @cindex AS-Safe
- AS-Safe functions are safe to call from asynchronous signal handlers.
- AS stands for Asynchronous Signal.
-@@ -197,7 +197,7 @@ AS stands for Asynchronous Signal.
- AC-Safe functions are safe to call when asynchronous cancellation is
- enabled. AC stands for Asynchronous Cancellation.
-
--@item
-+@item
- @cindex MT-Unsafe
- @cindex AS-Unsafe
- @cindex AC-Unsafe
-@@ -363,7 +363,7 @@ as follows:
-
- Functions annotated with @code{staticbuf} use internal static buffers or
- variables in ways that may cause concurrent calls to interfere
--destructively.
-+destructively.
-
- These functions are all MT-Unsafe and AC-Unsafe. However, many of them
- offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
-@@ -389,7 +389,7 @@ Functions marked with @code{shlimb} use the dynamic loader to bring in
- additional code modules. This involves opening files, mapping them into
- memory, allocating additional memory, resolving symbols, applying
- relocations and more, all of this while holding the dynamic loader
--lock.
-+lock.
-
- The non-recursive lock itself is enough for the function to be AS- and
- AC-Unsafe, but many other issues may arise.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=338717da7600a142fbc4fc1ecf9c32877a34d3ac
commit 338717da7600a142fbc4fc1ecf9c32877a34d3ac
Merge: b5e4ccb fcaa52d cfbf181
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:08 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b5e4ccb12e1b6fc89981c5eea2f4cf2576c08398
commit b5e4ccb12e1b6fc89981c5eea2f4cf2576c08398
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:08 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index a2afb75..3c9d198 100644
--- a/meta
+++ b/meta
@@ -1,8 +1,9 @@
Version: 1
-Previous: bc9621873d14d54de91b1fb4da7b489041c57335
-Head: b636b87be9756886bb0f9f1396c31b42d3f83c23
+Previous: cfbf181420a12a4809c4e059a4ae7cac3012f978
+Head: fcaa52d9d38062d5371a9b3fda4bf3a7c6bd69ed
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
+ refresh-temp: fcaa52d9d38062d5371a9b3fda4bf3a7c6bd69ed
Unapplied:
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
unused-scalb-is-scalbn.patch: b290d7167651106f65de65171d52b70c6188329a
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..37b1c5c
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,55 @@
+Bottom: c59759fbdfb422ada848ebdd3845677059986449
+Top: 465695c41ceed4d41aaebf0e135b8f1123912988
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:35:08 -0300
+
+Refresh of manual-document-mt-safety.patch
+
+---
+
+diff --git a/manual/intro.texi b/manual/intro.texi
+index e47832c..07f27c9 100644
+--- a/manual/intro.texi
++++ b/manual/intro.texi
+@@ -182,12 +182,12 @@ the meaning of the standard definitions, follow:
+
+ @itemize @bullet
+
+-@item
++@item
+ @cindex MT-Safe
+ MT-Safe functions are safe to call in the presence of other threads. MT
+ stands for Multi Thread.
+
+-@item
++@item
+ @cindex AS-Safe
+ AS-Safe functions are safe to call from asynchronous signal handlers.
+ AS stands for Asynchronous Signal.
+@@ -197,7 +197,7 @@ AS stands for Asynchronous Signal.
+ AC-Safe functions are safe to call when asynchronous cancellation is
+ enabled. AC stands for Asynchronous Cancellation.
+
+-@item
++@item
+ @cindex MT-Unsafe
+ @cindex AS-Unsafe
+ @cindex AC-Unsafe
+@@ -363,7 +363,7 @@ as follows:
+
+ Functions annotated with @code{staticbuf} use internal static buffers or
+ variables in ways that may cause concurrent calls to interfere
+-destructively.
++destructively.
+
+ These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+ offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+@@ -389,7 +389,7 @@ Functions marked with @code{shlimb} use the dynamic loader to bring in
+ additional code modules. This involves opening files, mapping them into
+ memory, allocating additional memory, resolving symbols, applying
+ relocations and more, all of this while holding the dynamic loader
+-lock.
++lock.
+
+ The non-recursive lock itself is enough for the function to be AS- and
+ AC-Unsafe, but many other issues may arise.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fcaa52d9d38062d5371a9b3fda4bf3a7c6bd69ed
commit fcaa52d9d38062d5371a9b3fda4bf3a7c6bd69ed
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:35:08 2013 -0300
Refresh of manual-document-mt-safety.patch
diff --git a/manual/intro.texi b/manual/intro.texi
index e47832c..07f27c9 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -182,12 +182,12 @@ the meaning of the standard definitions, follow:
@itemize @bullet
-@item
+@item
@cindex MT-Safe
MT-Safe functions are safe to call in the presence of other threads. MT
stands for Multi Thread.
-@item
+@item
@cindex AS-Safe
AS-Safe functions are safe to call from asynchronous signal handlers.
AS stands for Asynchronous Signal.
@@ -197,7 +197,7 @@ AS stands for Asynchronous Signal.
AC-Safe functions are safe to call when asynchronous cancellation is
enabled. AC stands for Asynchronous Cancellation.
-@item
+@item
@cindex MT-Unsafe
@cindex AS-Unsafe
@cindex AC-Unsafe
@@ -363,7 +363,7 @@ as follows:
Functions annotated with @code{staticbuf} use internal static buffers or
variables in ways that may cause concurrent calls to interfere
-destructively.
+destructively.
These functions are all MT-Unsafe and AC-Unsafe. However, many of them
offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
@@ -389,7 +389,7 @@ Functions marked with @code{shlimb} use the dynamic loader to bring in
additional code modules. This involves opening files, mapping them into
memory, allocating additional memory, resolving symbols, applying
relocations and more, all of this while holding the dynamic loader
-lock.
+lock.
The non-recursive lock itself is enough for the function to be AS- and
AC-Unsafe, but many other issues may arise.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cfbf181420a12a4809c4e059a4ae7cac3012f978
commit cfbf181420a12a4809c4e059a4ae7cac3012f978
Merge: cb872d4 bc96218
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:33:32 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cb872d43ea9e4d2cc182c9b248116adafa152b6a
commit cb872d43ea9e4d2cc182c9b248116adafa152b6a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:33:32 2013 -0300
push
diff --git a/meta b/meta
index bfdfa92..a2afb75 100644
--- a/meta
+++ b/meta
@@ -1,9 +1,9 @@
Version: 1
-Previous: ffd5c5bfb94cde6cb1bb960cd9b0039fbc7e4165
-Head: ca0a6bc4c5c53aa6c4a735c36336408a06b8cd89
+Previous: bc9621873d14d54de91b1fb4da7b489041c57335
+Head: b636b87be9756886bb0f9f1396c31b42d3f83c23
Applied:
-Unapplied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
+Unapplied:
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
unused-scalb-is-scalbn.patch: b290d7167651106f65de65171d52b70c6188329a
manual-document-mt-safety-argp.patch: 5604d817c0a7feccf5aa0dfa7cb2d583d86ec65f
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bc9621873d14d54de91b1fb4da7b489041c57335
commit bc9621873d14d54de91b1fb4da7b489041c57335
Merge: 24e7ff0 ffd5c5b ca0a6bc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:33:30 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=24e7ff019d0c2120d281b8ec57e55e38dfa9a60a
commit 24e7ff019d0c2120d281b8ec57e55e38dfa9a60a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:33:30 2013 -0300
pop
diff --git a/meta b/meta
index 642b7a7..bfdfa92 100644
--- a/meta
+++ b/meta
@@ -1,7 +1,8 @@
Version: 1
-Previous: 9b6d80ee7ab6e6fe72cc7cb62e9ab40b08d98fcf
-Head: 4022accc5d1f9f2ae322f8f76488286c694acd7b
+Previous: ffd5c5bfb94cde6cb1bb960cd9b0039fbc7e4165
+Head: ca0a6bc4c5c53aa6c4a735c36336408a06b8cd89
Applied:
+Unapplied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
unused-scalb-is-scalbn.patch: b290d7167651106f65de65171d52b70c6188329a
@@ -29,5 +30,4 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: a9f83c82c1746276acceb4928131d8099c0caf6a
wip-manual-document-mt-safety-threads.patch: 49c5533ec879c99f89ad9a1ba58929a9739a1254
wip-manual-document-mt-safety-time.patch: 4022accc5d1f9f2ae322f8f76488286c694acd7b
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ffd5c5bfb94cde6cb1bb960cd9b0039fbc7e4165
commit ffd5c5bfb94cde6cb1bb960cd9b0039fbc7e4165
Merge: 848b85d 9b6d80e 4022acc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:23:06 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=848b85dd2c140ba354d73a36200aab26074a10ea
commit 848b85dd2c140ba354d73a36200aab26074a10ea
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:23:06 2013 -0300
push
diff --git a/meta b/meta
index f20b1f6..642b7a7 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: c3a3e2ed03530068c256413199aaf65a2c9a23c6
-Head: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
+Previous: 9b6d80ee7ab6e6fe72cc7cb62e9ab40b08d98fcf
+Head: 4022accc5d1f9f2ae322f8f76488286c694acd7b
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -22,12 +22,12 @@ Applied:
manual-document-mt-safety-stdio.patch: 0960f99a58ac496a2420e3d299e868f900662636
wip-manual-document-mt-safety-locale.patch: 6c6c8ecacf987abc5dda5f02425179c9f9c5acde
wip-manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
+ wip-manual-document-mt-safety-startup.patch: 3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
+ wip-manual-document-mt-safety-search.patch: 75e6004e8dbc695b0cdc9b84249cf1b777fc30b5
+ wip-manual-document-mt-safety-resource.patch: ce4ad52cc41d3ae34f10dc5fa29d2d4c2aa08a5c
+ wip-manual-document-mt-safety-string.patch: 1b3406934ca4e3cb676972632387dd5862c26d57
+ wip-manual-document-mt-safety-terminal.patch: a9f83c82c1746276acceb4928131d8099c0caf6a
+ wip-manual-document-mt-safety-threads.patch: 49c5533ec879c99f89ad9a1ba58929a9739a1254
+ wip-manual-document-mt-safety-time.patch: 4022accc5d1f9f2ae322f8f76488286c694acd7b
Unapplied:
- wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
- wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
- wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
- wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
- wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
- wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
- wip-manual-document-mt-safety-time.patch: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4022accc5d1f9f2ae322f8f76488286c694acd7b
commit 4022accc5d1f9f2ae322f8f76488286c694acd7b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:50 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=49c5533ec879c99f89ad9a1ba58929a9739a1254
commit 49c5533ec879c99f89ad9a1ba58929a9739a1254
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:35 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a9f83c82c1746276acceb4928131d8099c0caf6a
commit a9f83c82c1746276acceb4928131d8099c0caf6a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:53 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1b3406934ca4e3cb676972632387dd5862c26d57
commit 1b3406934ca4e3cb676972632387dd5862c26d57
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:24 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ce4ad52cc41d3ae34f10dc5fa29d2d4c2aa08a5c
commit ce4ad52cc41d3ae34f10dc5fa29d2d4c2aa08a5c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=75e6004e8dbc695b0cdc9b84249cf1b777fc30b5
commit 75e6004e8dbc695b0cdc9b84249cf1b777fc30b5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
commit 3e55489a3bf8f9a9f05d22c1ebbadd2c05990371
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9b6d80ee7ab6e6fe72cc7cb62e9ab40b08d98fcf
commit 9b6d80ee7ab6e6fe72cc7cb62e9ab40b08d98fcf
Merge: ec08fe3 c3a3e2e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:42 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ec08fe3bd130f00b154a916a391ede6d32edd3a7
commit ec08fe3bd130f00b154a916a391ede6d32edd3a7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:42 2013 -0300
rename
diff --git a/meta b/meta
index b577858..f20b1f6 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: a6fbeb9aedbee6149c8ff623ea1afc5696e04ef2
+Previous: c3a3e2ed03530068c256413199aaf65a2c9a23c6
Head: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
@@ -21,7 +21,7 @@ Applied:
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-stdio.patch: 0960f99a58ac496a2420e3d299e868f900662636
wip-manual-document-mt-safety-locale.patch: 6c6c8ecacf987abc5dda5f02425179c9f9c5acde
- manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
+ wip-manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
Unapplied:
wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/wip-manual-document-mt-safety-math.patch
similarity index 100%
rename from patches/manual-document-mt-safety-math.patch
rename to patches/wip-manual-document-mt-safety-math.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fa6fb5b03c11257d3a3c8dc6b02338662de3178f
commit fa6fb5b03c11257d3a3c8dc6b02338662de3178f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c3a3e2ed03530068c256413199aaf65a2c9a23c6
commit c3a3e2ed03530068c256413199aaf65a2c9a23c6
Merge: e1566bf fa6fb5b a6fbeb9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:38 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e1566bf9fb88486cbfedc67bf73c3d975cd7572f
commit e1566bf9fb88486cbfedc67bf73c3d975cd7572f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:38 2013 -0300
float
diff --git a/meta b/meta
index 074b28d..b577858 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: f0a7a15dfe10c4138b45924e98f82ac9f68d4ae1
-Head: d28c617b0914a75671912795729911dbc6fe09e5
+Previous: a6fbeb9aedbee6149c8ff623ea1afc5696e04ef2
+Head: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -19,9 +19,9 @@ Applied:
manual-document-mt-safety-job.patch: 57c129a7691ad66436b380272a24d356111b19bf
manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
- manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
- manual-document-mt-safety-stdio.patch: e6e54eca8a8e68975917469f5af2de9f0f13343f
- wip-manual-document-mt-safety-locale.patch: d28c617b0914a75671912795729911dbc6fe09e5
+ manual-document-mt-safety-stdio.patch: 0960f99a58ac496a2420e3d299e868f900662636
+ wip-manual-document-mt-safety-locale.patch: 6c6c8ecacf987abc5dda5f02425179c9f9c5acde
+ manual-document-mt-safety-math.patch: fa6fb5b03c11257d3a3c8dc6b02338662de3178f
Unapplied:
wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index 9f1572f..1477a1e 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
-Top: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
+Bottom: 9810f600dc88278307b0fb70f5a0bc3a128cac35
+Top: 34850c3fae2002c32308b3353855e2de0a18b4d3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 3071496..0de73f6 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
-Top: cc461998b2abb06c1eee7461c38382b121f21408
+Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
+Top: 1b3315652dde989dd535a1572985e5afdd6c5e99
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 6b37e58..3fe7a6a 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: cc461998b2abb06c1eee7461c38382b121f21408
-Top: 34850c3fae2002c32308b3353855e2de0a18b4d3
+Bottom: 1b3315652dde989dd535a1572985e5afdd6c5e99
+Top: 9810f600dc88278307b0fb70f5a0bc3a128cac35
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6c6c8ecacf987abc5dda5f02425179c9f9c5acde
commit 6c6c8ecacf987abc5dda5f02425179c9f9c5acde
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0960f99a58ac496a2420e3d299e868f900662636
commit 0960f99a58ac496a2420e3d299e868f900662636
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a6fbeb9aedbee6149c8ff623ea1afc5696e04ef2
commit a6fbeb9aedbee6149c8ff623ea1afc5696e04ef2
Merge: c9c8e70 d28c617 f0a7a15
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:33 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c9c8e702649d83e74e760275b8a9eed11a6a54cf
commit c9c8e702649d83e74e760275b8a9eed11a6a54cf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:33 2013 -0300
push
diff --git a/meta b/meta
index 8e68578..074b28d 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 336fe16b7fe866758508510e2c02a9f9d1e19dae
-Head: e6e54eca8a8e68975917469f5af2de9f0f13343f
+Previous: f0a7a15dfe10c4138b45924e98f82ac9f68d4ae1
+Head: d28c617b0914a75671912795729911dbc6fe09e5
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -21,8 +21,8 @@ Applied:
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
manual-document-mt-safety-stdio.patch: e6e54eca8a8e68975917469f5af2de9f0f13343f
+ wip-manual-document-mt-safety-locale.patch: d28c617b0914a75671912795729911dbc6fe09e5
Unapplied:
- wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index c0945af..6b37e58 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
-Top: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
+Bottom: cc461998b2abb06c1eee7461c38382b121f21408
+Top: 34850c3fae2002c32308b3353855e2de0a18b4d3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d28c617b0914a75671912795729911dbc6fe09e5
commit d28c617b0914a75671912795729911dbc6fe09e5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f0a7a15dfe10c4138b45924e98f82ac9f68d4ae1
commit f0a7a15dfe10c4138b45924e98f82ac9f68d4ae1
Merge: b8f3387 e6e54ec 336fe16
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:28 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b8f33879ea992d8d06e0d8e8242c3acf47cdea61
commit b8f33879ea992d8d06e0d8e8242c3acf47cdea61
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:28 2013 -0300
float
diff --git a/meta b/meta
index ed0d165..8e68578 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: baca28272f714749e2522fd703c767c52d786e4f
-Head: ad614ca21bb3d439075824533620448aaca7dca6
+Previous: 336fe16b7fe866758508510e2c02a9f9d1e19dae
+Head: e6e54eca8a8e68975917469f5af2de9f0f13343f
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -20,9 +20,9 @@ Applied:
manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
+ manual-document-mt-safety-stdio.patch: e6e54eca8a8e68975917469f5af2de9f0f13343f
Unapplied:
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
- manual-document-mt-safety-stdio.patch: a42a02e1e7c652cc7780640ba20259c587532248
wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 439216f..3071496 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
-Top: 34850c3fae2002c32308b3353855e2de0a18b4d3
+Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
+Top: cc461998b2abb06c1eee7461c38382b121f21408
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e6e54eca8a8e68975917469f5af2de9f0f13343f
commit e6e54eca8a8e68975917469f5af2de9f0f13343f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=336fe16b7fe866758508510e2c02a9f9d1e19dae
commit 336fe16b7fe866758508510e2c02a9f9d1e19dae
Merge: dc451ff baca282
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:26 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dc451ffdd2937ede520866ea1567b289871e09c8
commit dc451ffdd2937ede520866ea1567b289871e09c8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:26 2013 -0300
pop
diff --git a/meta b/meta
index 78272d0..ed0d165 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 47e0d3e47e78f161bcff74b05585031fca958b31
-Head: a42a02e1e7c652cc7780640ba20259c587532248
+Previous: baca28272f714749e2522fd703c767c52d786e4f
+Head: ad614ca21bb3d439075824533620448aaca7dca6
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -20,9 +20,9 @@ Applied:
manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
+Unapplied:
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
manual-document-mt-safety-stdio.patch: a42a02e1e7c652cc7780640ba20259c587532248
-Unapplied:
wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=baca28272f714749e2522fd703c767c52d786e4f
commit baca28272f714749e2522fd703c767c52d786e4f
Merge: b6ed960 47e0d3e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:21 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b6ed9609907f099e7f09892662510850976bde97
commit b6ed9609907f099e7f09892662510850976bde97
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:21 2013 -0300
float
diff --git a/meta b/meta
index c0bc41e..78272d0 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 532704a546b6b5b16675eaaad7d2885e53064e4c
-Head: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
+Previous: 47e0d3e47e78f161bcff74b05585031fca958b31
+Head: a42a02e1e7c652cc7780640ba20259c587532248
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -21,8 +21,8 @@ Applied:
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
-Unapplied:
manual-document-mt-safety-stdio.patch: a42a02e1e7c652cc7780640ba20259c587532248
+Unapplied:
wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=47e0d3e47e78f161bcff74b05585031fca958b31
commit 47e0d3e47e78f161bcff74b05585031fca958b31
Merge: 972eb6c 532704a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:18 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=972eb6cb6f7a241af3ef87b42260a2e30df44e76
commit 972eb6cb6f7a241af3ef87b42260a2e30df44e76
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:18 2013 -0300
pop
diff --git a/meta b/meta
index 807199e..c0bc41e 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 96d44e67b9d8706145ee8f6a8cf32281036c25ab
-Head: a42a02e1e7c652cc7780640ba20259c587532248
+Previous: 532704a546b6b5b16675eaaad7d2885e53064e4c
+Head: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -21,8 +21,8 @@ Applied:
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
- manual-document-mt-safety-stdio.patch: a42a02e1e7c652cc7780640ba20259c587532248
Unapplied:
+ manual-document-mt-safety-stdio.patch: a42a02e1e7c652cc7780640ba20259c587532248
wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=532704a546b6b5b16675eaaad7d2885e53064e4c
commit 532704a546b6b5b16675eaaad7d2885e53064e4c
Merge: c1eb56a 96d44e6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:13 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c1eb56aa4626150ce50e9d62a9353a0fbcff0868
commit c1eb56aa4626150ce50e9d62a9353a0fbcff0868
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:13 2013 -0300
pop
diff --git a/meta b/meta
index 98c6446..807199e 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 5e554e8e90d5ac20e8728c2791e7eb569b0a72b9
-Head: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
+Previous: 96d44e67b9d8706145ee8f6a8cf32281036c25ab
+Head: a42a02e1e7c652cc7780640ba20259c587532248
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -22,8 +22,8 @@ Applied:
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
manual-document-mt-safety-stdio.patch: a42a02e1e7c652cc7780640ba20259c587532248
- wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
Unapplied:
+ wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=96d44e67b9d8706145ee8f6a8cf32281036c25ab
commit 96d44e67b9d8706145ee8f6a8cf32281036c25ab
Merge: 7a80d63 4513b24 5e554e8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:11 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7a80d63908f847de4ae1d9ff1ffb55a1ca7eb67a
commit 7a80d63908f847de4ae1d9ff1ffb55a1ca7eb67a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:11 2013 -0300
push
diff --git a/meta b/meta
index 2eb9196..98c6446 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: cff460bd8f3ab8dd9231a7dcad373a6ac24619c2
-Head: a42a02e1e7c652cc7780640ba20259c587532248
+Previous: 5e554e8e90d5ac20e8728c2791e7eb569b0a72b9
+Head: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -22,8 +22,8 @@ Applied:
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
manual-document-mt-safety-stdio.patch: a42a02e1e7c652cc7780640ba20259c587532248
+ wip-manual-document-mt-safety-startup.patch: 4513b24df2381c1073bcb1b2eac60bddfc5f51da
Unapplied:
- wip-manual-document-mt-safety-startup.patch: c07dbdccb654913fa9dcb761709fb6000f6f1edf
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index ba122fe..93b8b21 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
-Top: 151392b3790f3070194c6e79b03e9b88b9fb3052
+Bottom: 34850c3fae2002c32308b3353855e2de0a18b4d3
+Top: 9e26e65c6f5ad1ae860b4b03c429a90054cbb837
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4513b24df2381c1073bcb1b2eac60bddfc5f51da
commit 4513b24df2381c1073bcb1b2eac60bddfc5f51da
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5e554e8e90d5ac20e8728c2791e7eb569b0a72b9
commit 5e554e8e90d5ac20e8728c2791e7eb569b0a72b9
Merge: 9732f8f a42a02e cff460b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:03 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9732f8f54229b855d2133d521d803445a29dca98
commit 9732f8f54229b855d2133d521d803445a29dca98
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:22:03 2013 -0300
float
diff --git a/meta b/meta
index 560ae1d..2eb9196 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 9b994d726d2334605ede7ee74e40464832004c1a
-Head: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
+Previous: cff460bd8f3ab8dd9231a7dcad373a6ac24619c2
+Head: a42a02e1e7c652cc7780640ba20259c587532248
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -21,9 +21,9 @@ Applied:
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
+ manual-document-mt-safety-stdio.patch: a42a02e1e7c652cc7780640ba20259c587532248
Unapplied:
wip-manual-document-mt-safety-startup.patch: c07dbdccb654913fa9dcb761709fb6000f6f1edf
- manual-document-mt-safety-stdio.patch: da2ba42fc63d63defef49cb42670fb97e77a6179
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 2d0e681..439216f 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 151392b3790f3070194c6e79b03e9b88b9fb3052
-Top: 9e26e65c6f5ad1ae860b4b03c429a90054cbb837
+Bottom: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
+Top: 34850c3fae2002c32308b3353855e2de0a18b4d3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a42a02e1e7c652cc7780640ba20259c587532248
commit a42a02e1e7c652cc7780640ba20259c587532248
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cff460bd8f3ab8dd9231a7dcad373a6ac24619c2
commit cff460bd8f3ab8dd9231a7dcad373a6ac24619c2
Merge: d40ff1e 9b994d7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:58 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d40ff1ed4d170ecf325d0020f9bfaf8294ed83f6
commit d40ff1ed4d170ecf325d0020f9bfaf8294ed83f6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:58 2013 -0300
pop
diff --git a/meta b/meta
index 3a1710a..560ae1d 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 797bbc4701e79da18f6ad5d0cccc653c322796ec
-Head: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
+Previous: 9b994d726d2334605ede7ee74e40464832004c1a
+Head: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -21,10 +21,10 @@ Applied:
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
+Unapplied:
wip-manual-document-mt-safety-startup.patch: c07dbdccb654913fa9dcb761709fb6000f6f1edf
manual-document-mt-safety-stdio.patch: da2ba42fc63d63defef49cb42670fb97e77a6179
wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
-Unapplied:
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9b994d726d2334605ede7ee74e40464832004c1a
commit 9b994d726d2334605ede7ee74e40464832004c1a
Merge: 4136d52 797bbc4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:48 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4136d5230d1138fdd1ac4a9a54d7610c639b7ad0
commit 4136d5230d1138fdd1ac4a9a54d7610c639b7ad0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:48 2013 -0300
rename
diff --git a/meta b/meta
index 63435a9..3a1710a 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 0677838a5cbf4e94dbbd80fbf2427d5fcce6cccf
+Previous: 797bbc4701e79da18f6ad5d0cccc653c322796ec
Head: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
@@ -23,7 +23,7 @@ Applied:
wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
wip-manual-document-mt-safety-startup.patch: c07dbdccb654913fa9dcb761709fb6000f6f1edf
manual-document-mt-safety-stdio.patch: da2ba42fc63d63defef49cb42670fb97e77a6179
- manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
+ wip-manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
Unapplied:
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/wip-manual-document-mt-safety-search.patch
similarity index 100%
rename from patches/manual-document-mt-safety-search.patch
rename to patches/wip-manual-document-mt-safety-search.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
commit a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=797bbc4701e79da18f6ad5d0cccc653c322796ec
commit 797bbc4701e79da18f6ad5d0cccc653c322796ec
Merge: 1fa6bb8 35815db 0677838
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:44 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1fa6bb80f706b8c748f2a422d94f118378cb3912
commit 1fa6bb80f706b8c748f2a422d94f118378cb3912
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:44 2013 -0300
float
diff --git a/meta b/meta
index e48e739..63435a9 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 12fbe6a13e4a996cfabe7cd13dabc07a5377ce79
-Head: 4bbeb1050d394dac154d328416785d3a4737bfca
+Previous: 0677838a5cbf4e94dbbd80fbf2427d5fcce6cccf
+Head: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -20,10 +20,10 @@ Applied:
manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
- manual-document-mt-safety-search.patch: af52e291a0269b692e9e0570ba1d886714da159b
- wip-manual-document-mt-safety-locale.patch: 166651bfa122c6352028365fa0f89c9dc3003751
- wip-manual-document-mt-safety-startup.patch: f27de287f82231e5a93eaa44bafa8170abc3dce3
- manual-document-mt-safety-stdio.patch: 4bbeb1050d394dac154d328416785d3a4737bfca
+ wip-manual-document-mt-safety-locale.patch: a85a045f861e4eae2ee7a5ebddbba4ecb4b85087
+ wip-manual-document-mt-safety-startup.patch: c07dbdccb654913fa9dcb761709fb6000f6f1edf
+ manual-document-mt-safety-stdio.patch: da2ba42fc63d63defef49cb42670fb97e77a6179
+ manual-document-mt-safety-search.patch: 35815dbc011f65ef76ad028cbc0b8b32381dd13a
Unapplied:
wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/manual-document-mt-safety-search.patch
index e0ed5db..dfc7d5e 100644
--- a/patches/manual-document-mt-safety-search.patch
+++ b/patches/manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
-Top: 4b5bc3f694509a6dfd1b265acace61d889211e5c
+Bottom: 9e26e65c6f5ad1ae860b4b03c429a90054cbb837
+Top: 4275437ac31826c5f18c9a5e4b30e85235c02761
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 1259b54..2d0e681 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: d2881bc13111445c3cada2b810275ed5d685175c
-Top: 4275437ac31826c5f18c9a5e4b30e85235c02761
+Bottom: 151392b3790f3070194c6e79b03e9b88b9fb3052
+Top: 9e26e65c6f5ad1ae860b4b03c429a90054cbb837
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 148781b..c0945af 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 4b5bc3f694509a6dfd1b265acace61d889211e5c
-Top: 5bf8b68d0db01d2c779d9e0b745a266268200a3e
+Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
+Top: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 2a9f16b..ba122fe 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 5bf8b68d0db01d2c779d9e0b745a266268200a3e
-Top: d2881bc13111445c3cada2b810275ed5d685175c
+Bottom: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
+Top: 151392b3790f3070194c6e79b03e9b88b9fb3052
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=35815dbc011f65ef76ad028cbc0b8b32381dd13a
commit 35815dbc011f65ef76ad028cbc0b8b32381dd13a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=da2ba42fc63d63defef49cb42670fb97e77a6179
commit da2ba42fc63d63defef49cb42670fb97e77a6179
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c07dbdccb654913fa9dcb761709fb6000f6f1edf
commit c07dbdccb654913fa9dcb761709fb6000f6f1edf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0677838a5cbf4e94dbbd80fbf2427d5fcce6cccf
commit 0677838a5cbf4e94dbbd80fbf2427d5fcce6cccf
Merge: dd3c527 12fbe6a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:40 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dd3c527fa4bba3a1bf657d9813343ea4ddf5107a
commit dd3c527fa4bba3a1bf657d9813343ea4ddf5107a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:40 2013 -0300
pop
diff --git a/meta b/meta
index cc99f28..e48e739 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7cbb268fad337dff229e13ac8be69351cc57313f
-Head: 08d53f635c15ae65cc8f2347e47894394c5a651f
+Previous: 12fbe6a13e4a996cfabe7cd13dabc07a5377ce79
+Head: 4bbeb1050d394dac154d328416785d3a4737bfca
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -24,8 +24,8 @@ Applied:
wip-manual-document-mt-safety-locale.patch: 166651bfa122c6352028365fa0f89c9dc3003751
wip-manual-document-mt-safety-startup.patch: f27de287f82231e5a93eaa44bafa8170abc3dce3
manual-document-mt-safety-stdio.patch: 4bbeb1050d394dac154d328416785d3a4737bfca
- wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
Unapplied:
+ wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=12fbe6a13e4a996cfabe7cd13dabc07a5377ce79
commit 12fbe6a13e4a996cfabe7cd13dabc07a5377ce79
Merge: bec2827 7cbb268
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:21 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bec2827536c90ffded6a98f176ef0a4f9f10d849
commit bec2827536c90ffded6a98f176ef0a4f9f10d849
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:21 2013 -0300
rename
diff --git a/meta b/meta
index 9ebd437..cc99f28 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 74ac784fe3cc7e497dd1777f02a8c29ec6152a44
+Previous: 7cbb268fad337dff229e13ac8be69351cc57313f
Head: 08d53f635c15ae65cc8f2347e47894394c5a651f
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
@@ -24,7 +24,7 @@ Applied:
wip-manual-document-mt-safety-locale.patch: 166651bfa122c6352028365fa0f89c9dc3003751
wip-manual-document-mt-safety-startup.patch: f27de287f82231e5a93eaa44bafa8170abc3dce3
manual-document-mt-safety-stdio.patch: 4bbeb1050d394dac154d328416785d3a4737bfca
- manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
+ wip-manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
Unapplied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/wip-manual-document-mt-safety-resource.patch
similarity index 100%
rename from patches/manual-document-mt-safety-resource.patch
rename to patches/wip-manual-document-mt-safety-resource.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7cbb268fad337dff229e13ac8be69351cc57313f
commit 7cbb268fad337dff229e13ac8be69351cc57313f
Merge: 41a10da 08d53f6 74ac784
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:17 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=41a10daef46a1694e219ab21a7068c43f99882e7
commit 41a10daef46a1694e219ab21a7068c43f99882e7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:21:17 2013 -0300
float
diff --git a/meta b/meta
index 3391b8b..9ebd437 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b03f8aa8fb7d6c4c3d64881c3f334e1605f344c9
-Head: c3cb182414605a752cfd0de3f8ff1637db9aeddb
+Previous: 74ac784fe3cc7e497dd1777f02a8c29ec6152a44
+Head: 08d53f635c15ae65cc8f2347e47894394c5a651f
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -20,11 +20,11 @@ Applied:
manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
- manual-document-mt-safety-resource.patch: c67d9b0e48706ad7a6ce8afb05575d2da8a739ce
- manual-document-mt-safety-search.patch: a178ba9d66b1669f239966e51b89a7409aa3a762
- wip-manual-document-mt-safety-locale.patch: 1080909eb844c0072328bc632d8a57287ad64752
- wip-manual-document-mt-safety-startup.patch: 5101825e252b39ea192475db1ffaaeef5f155a46
- manual-document-mt-safety-stdio.patch: c3cb182414605a752cfd0de3f8ff1637db9aeddb
+ manual-document-mt-safety-search.patch: af52e291a0269b692e9e0570ba1d886714da159b
+ wip-manual-document-mt-safety-locale.patch: 166651bfa122c6352028365fa0f89c9dc3003751
+ wip-manual-document-mt-safety-startup.patch: f27de287f82231e5a93eaa44bafa8170abc3dce3
+ manual-document-mt-safety-stdio.patch: 4bbeb1050d394dac154d328416785d3a4737bfca
+ manual-document-mt-safety-resource.patch: 08d53f635c15ae65cc8f2347e47894394c5a651f
Unapplied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/manual-document-mt-safety-resource.patch
index 8309358..4b6d73f 100644
--- a/patches/manual-document-mt-safety-resource.patch
+++ b/patches/manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
-Top: 77b17631d0ac215fede974ceace7c0d6c28a75cd
+Bottom: 4275437ac31826c5f18c9a5e4b30e85235c02761
+Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/manual-document-mt-safety-search.patch
index 3e786ab..e0ed5db 100644
--- a/patches/manual-document-mt-safety-search.patch
+++ b/patches/manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: 77b17631d0ac215fede974ceace7c0d6c28a75cd
-Top: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
+Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
+Top: 4b5bc3f694509a6dfd1b265acace61d889211e5c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 8b416af..1259b54 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
-Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
+Bottom: d2881bc13111445c3cada2b810275ed5d685175c
+Top: 4275437ac31826c5f18c9a5e4b30e85235c02761
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index dbff60e..148781b 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
-Top: 8ae75524ca0a1176e4323c74b73cb0722e710364
+Bottom: 4b5bc3f694509a6dfd1b265acace61d889211e5c
+Top: 5bf8b68d0db01d2c779d9e0b745a266268200a3e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index cd2fcf0..2a9f16b 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 8ae75524ca0a1176e4323c74b73cb0722e710364
-Top: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
+Bottom: 5bf8b68d0db01d2c779d9e0b745a266268200a3e
+Top: d2881bc13111445c3cada2b810275ed5d685175c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=08d53f635c15ae65cc8f2347e47894394c5a651f
commit 08d53f635c15ae65cc8f2347e47894394c5a651f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4bbeb1050d394dac154d328416785d3a4737bfca
commit 4bbeb1050d394dac154d328416785d3a4737bfca
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f27de287f82231e5a93eaa44bafa8170abc3dce3
commit f27de287f82231e5a93eaa44bafa8170abc3dce3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=166651bfa122c6352028365fa0f89c9dc3003751
commit 166651bfa122c6352028365fa0f89c9dc3003751
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=af52e291a0269b692e9e0570ba1d886714da159b
commit af52e291a0269b692e9e0570ba1d886714da159b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=74ac784fe3cc7e497dd1777f02a8c29ec6152a44
commit 74ac784fe3cc7e497dd1777f02a8c29ec6152a44
Merge: 892a074 b03f8aa
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:20:38 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=892a074da1bfdf18e6f8f87cacccfc72d66f10a3
commit 892a074da1bfdf18e6f8f87cacccfc72d66f10a3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:20:38 2013 -0300
rename
diff --git a/meta b/meta
index 45c1261..3391b8b 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: a635047355e7efe75f06ce47d6afc804f73fc513
+Previous: b03f8aa8fb7d6c4c3d64881c3f334e1605f344c9
Head: c3cb182414605a752cfd0de3f8ff1637db9aeddb
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
@@ -24,7 +24,7 @@ Applied:
manual-document-mt-safety-search.patch: a178ba9d66b1669f239966e51b89a7409aa3a762
wip-manual-document-mt-safety-locale.patch: 1080909eb844c0072328bc632d8a57287ad64752
wip-manual-document-mt-safety-startup.patch: 5101825e252b39ea192475db1ffaaeef5f155a46
- wip-manual-document-mt-safety-stdio.patch: c3cb182414605a752cfd0de3f8ff1637db9aeddb
+ manual-document-mt-safety-stdio.patch: c3cb182414605a752cfd0de3f8ff1637db9aeddb
Unapplied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
diff --git a/patches/wip-manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
similarity index 100%
rename from patches/wip-manual-document-mt-safety-stdio.patch
rename to patches/manual-document-mt-safety-stdio.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b03f8aa8fb7d6c4c3d64881c3f334e1605f344c9
commit b03f8aa8fb7d6c4c3d64881c3f334e1605f344c9
Merge: efa6546 a635047
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:20:11 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=efa654693e2dd7542014b410dc9f49bb18f37ba6
commit efa654693e2dd7542014b410dc9f49bb18f37ba6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:20:11 2013 -0300
rename
diff --git a/meta b/meta
index 3844d46..45c1261 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 214bfe37ebde7efdc4e4b26b55512d35ebdc1f0e
+Previous: a635047355e7efe75f06ce47d6afc804f73fc513
Head: c3cb182414605a752cfd0de3f8ff1637db9aeddb
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
@@ -24,7 +24,7 @@ Applied:
manual-document-mt-safety-search.patch: a178ba9d66b1669f239966e51b89a7409aa3a762
wip-manual-document-mt-safety-locale.patch: 1080909eb844c0072328bc632d8a57287ad64752
wip-manual-document-mt-safety-startup.patch: 5101825e252b39ea192475db1ffaaeef5f155a46
- manual-document-mt-safety-stdio.patch: c3cb182414605a752cfd0de3f8ff1637db9aeddb
+ wip-manual-document-mt-safety-stdio.patch: c3cb182414605a752cfd0de3f8ff1637db9aeddb
Unapplied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/wip-manual-document-mt-safety-stdio.patch
similarity index 100%
rename from patches/manual-document-mt-safety-stdio.patch
rename to patches/wip-manual-document-mt-safety-stdio.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a635047355e7efe75f06ce47d6afc804f73fc513
commit a635047355e7efe75f06ce47d6afc804f73fc513
Merge: f233fd0 214bfe3 c3cb182
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:20:05 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f233fd0cb20891129d27b957f9ef80fdf470441d
commit f233fd0cb20891129d27b957f9ef80fdf470441d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:20:05 2013 -0300
float
diff --git a/meta b/meta
index 4b93421..3844d46 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b7a1180b29f8e1785e9467dfbb8c4df59801236a
-Head: 06713123a0b742b742a1093deb32978e84799d02
+Previous: 214bfe37ebde7efdc4e4b26b55512d35ebdc1f0e
+Head: c3cb182414605a752cfd0de3f8ff1637db9aeddb
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -22,9 +22,9 @@ Applied:
manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
manual-document-mt-safety-resource.patch: c67d9b0e48706ad7a6ce8afb05575d2da8a739ce
manual-document-mt-safety-search.patch: a178ba9d66b1669f239966e51b89a7409aa3a762
- manual-document-mt-safety-stdio.patch: f58d7939271296d5d0b2e459b13c3f0ba92705a6
- wip-manual-document-mt-safety-locale.patch: 15f732902e7b031fbb6663b8dfe1c097ca9396d2
- wip-manual-document-mt-safety-startup.patch: 06713123a0b742b742a1093deb32978e84799d02
+ wip-manual-document-mt-safety-locale.patch: 1080909eb844c0072328bc632d8a57287ad64752
+ wip-manual-document-mt-safety-startup.patch: 5101825e252b39ea192475db1ffaaeef5f155a46
+ manual-document-mt-safety-stdio.patch: c3cb182414605a752cfd0de3f8ff1637db9aeddb
Unapplied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 1e0cfc0..8b416af 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
-Top: 52792116005976e16d455f880f0b2d381882e671
+Bottom: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
+Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index d5c1830..dbff60e 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 52792116005976e16d455f880f0b2d381882e671
-Top: a529301c800b3ca93ba927e5d69da7dd7cafbae7
+Bottom: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
+Top: 8ae75524ca0a1176e4323c74b73cb0722e710364
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 0cf63b1..cd2fcf0 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: a529301c800b3ca93ba927e5d69da7dd7cafbae7
-Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
+Bottom: 8ae75524ca0a1176e4323c74b73cb0722e710364
+Top: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c3cb182414605a752cfd0de3f8ff1637db9aeddb
commit c3cb182414605a752cfd0de3f8ff1637db9aeddb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5101825e252b39ea192475db1ffaaeef5f155a46
commit 5101825e252b39ea192475db1ffaaeef5f155a46
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1080909eb844c0072328bc632d8a57287ad64752
commit 1080909eb844c0072328bc632d8a57287ad64752
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=214bfe37ebde7efdc4e4b26b55512d35ebdc1f0e
commit 214bfe37ebde7efdc4e4b26b55512d35ebdc1f0e
Merge: 73cda38 0671312 b7a1180
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:20:00 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=73cda380eb4cc913cb7e2827ee6e7f4fcd468c53
commit 73cda380eb4cc913cb7e2827ee6e7f4fcd468c53
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:20:00 2013 -0300
goto
diff --git a/meta b/meta
index e3af5e5..4b93421 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: dfd49e9a54444aeb91fb80326a2b52b1b2b4fe5f
-Head: 290ed306adba817ec4cb4f5207e63269e7990930
+Previous: b7a1180b29f8e1785e9467dfbb8c4df59801236a
+Head: 06713123a0b742b742a1093deb32978e84799d02
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -16,16 +16,16 @@ Applied:
manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
+ manual-document-mt-safety-job.patch: 57c129a7691ad66436b380272a24d356111b19bf
+ manual-document-mt-safety-lang.patch: e1bee872da33bdb7b911d4cd111906a390b9ea8a
+ manual-document-mt-safety-llio.patch: 51babe049dfe3862b311b4ebbfd87a8eb915528c
+ manual-document-mt-safety-math.patch: ad614ca21bb3d439075824533620448aaca7dca6
+ manual-document-mt-safety-resource.patch: c67d9b0e48706ad7a6ce8afb05575d2da8a739ce
+ manual-document-mt-safety-search.patch: a178ba9d66b1669f239966e51b89a7409aa3a762
+ manual-document-mt-safety-stdio.patch: f58d7939271296d5d0b2e459b13c3f0ba92705a6
+ wip-manual-document-mt-safety-locale.patch: 15f732902e7b031fbb6663b8dfe1c097ca9396d2
+ wip-manual-document-mt-safety-startup.patch: 06713123a0b742b742a1093deb32978e84799d02
Unapplied:
- manual-document-mt-safety-job.patch: 07add391d6215283f7338e451060a144bd241bd9
- manual-document-mt-safety-lang.patch: 722fae4ea63db2a00f51c08a14d723ad87fd97d9
- manual-document-mt-safety-llio.patch: 40fb222a22df4ba14615f2276530f1f17682e084
- manual-document-mt-safety-math.patch: 1f1722344cc379ee50d34f34beaf20fa65b35e2a
- manual-document-mt-safety-resource.patch: 70fda0831b0d41b658cc1f962cc520e9c16d213e
- manual-document-mt-safety-search.patch: c0dcc89166196b52cae3da929ae1573d65a3a79f
- manual-document-mt-safety-stdio.patch: 3af704e77dec1dd398bc0f54ca39b1699c0302fe
- wip-manual-document-mt-safety-locale.patch: 726e2d92020c1b7d1143d63c5b5137132e418c71
- wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index b4d3b96..e6f679b 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,5 +1,5 @@
-Bottom: 18760d732995b8379bc372377398a8fd58732762
-Top: 78811ad7f6f34dae902d17fe9939b1ed2877fc8c
+Bottom: 08a4456877254843d89c18fe88e4c0431857fcff
+Top: b58e76e4078fdee40947d68820e0f861f8cac2de
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:15 -0300
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index eef82af..09d2cc9 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,5 +1,5 @@
-Bottom: 78811ad7f6f34dae902d17fe9939b1ed2877fc8c
-Top: 95e3af012c2d8222ce9c18f313b200f086405d32
+Bottom: b58e76e4078fdee40947d68820e0f861f8cac2de
+Top: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:32 -0300
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index 4f4042d..274aefd 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: 95e3af012c2d8222ce9c18f313b200f086405d32
-Top: d984e43548394d87c0dcc06e8f1f954337bf1f0b
+Bottom: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
+Top: baf6738652c9240a7ea48273cff318ffb17716d8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:09:32 -0300
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index bdc9eab..9f1572f 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: d984e43548394d87c0dcc06e8f1f954337bf1f0b
-Top: ed5585f43f682f64747d87313aa8fa6455b413af
+Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
+Top: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/manual-document-mt-safety-resource.patch
index 9cf449a..8309358 100644
--- a/patches/manual-document-mt-safety-resource.patch
+++ b/patches/manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: ed5585f43f682f64747d87313aa8fa6455b413af
-Top: e75af3e584fdb6c5c7a273cced643b65589309d7
+Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
+Top: 77b17631d0ac215fede974ceace7c0d6c28a75cd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/manual-document-mt-safety-search.patch
index 90717fa..3e786ab 100644
--- a/patches/manual-document-mt-safety-search.patch
+++ b/patches/manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: e75af3e584fdb6c5c7a273cced643b65589309d7
-Top: 0c26a00f734d8fe44375085ab3cbede5d3b6b712
+Bottom: 77b17631d0ac215fede974ceace7c0d6c28a75cd
+Top: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index e2e4efd..1e0cfc0 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 0c26a00f734d8fe44375085ab3cbede5d3b6b712
-Top: 1ce30a1e33cc504649b7c4c096dbbfb1141d92f9
+Bottom: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
+Top: 52792116005976e16d455f880f0b2d381882e671
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=51babe049dfe3862b311b4ebbfd87a8eb915528c
commit 51babe049dfe3862b311b4ebbfd87a8eb915528c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ad614ca21bb3d439075824533620448aaca7dca6
commit ad614ca21bb3d439075824533620448aaca7dca6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a178ba9d66b1669f239966e51b89a7409aa3a762
commit a178ba9d66b1669f239966e51b89a7409aa3a762
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=06713123a0b742b742a1093deb32978e84799d02
commit 06713123a0b742b742a1093deb32978e84799d02
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e1bee872da33bdb7b911d4cd111906a390b9ea8a
commit e1bee872da33bdb7b911d4cd111906a390b9ea8a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c67d9b0e48706ad7a6ce8afb05575d2da8a739ce
commit c67d9b0e48706ad7a6ce8afb05575d2da8a739ce
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=15f732902e7b031fbb6663b8dfe1c097ca9396d2
commit 15f732902e7b031fbb6663b8dfe1c097ca9396d2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f58d7939271296d5d0b2e459b13c3f0ba92705a6
commit f58d7939271296d5d0b2e459b13c3f0ba92705a6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=57c129a7691ad66436b380272a24d356111b19bf
commit 57c129a7691ad66436b380272a24d356111b19bf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b7a1180b29f8e1785e9467dfbb8c4df59801236a
commit b7a1180b29f8e1785e9467dfbb8c4df59801236a
Merge: d734882 dfd49e9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:40 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d73488258df3a8ec3c814776d0831682e2dea189
commit d73488258df3a8ec3c814776d0831682e2dea189
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:40 2013 -0300
rename
diff --git a/meta b/meta
index 2107ada..e3af5e5 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: df394563a1a1bdefbb23875c4edfd069bebfc906
+Previous: dfd49e9a54444aeb91fb80326a2b52b1b2b4fe5f
Head: 290ed306adba817ec4cb4f5207e63269e7990930
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
@@ -15,7 +15,7 @@ Applied:
manual-document-mt-safety-errno.patch: 4c83ae2974e8153950355eca983b33e13bad7490
manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
- wip-manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
+ manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
Unapplied:
manual-document-mt-safety-job.patch: 07add391d6215283f7338e451060a144bd241bd9
manual-document-mt-safety-lang.patch: 722fae4ea63db2a00f51c08a14d723ad87fd97d9
diff --git a/patches/wip-manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
similarity index 100%
rename from patches/wip-manual-document-mt-safety-libdl.patch
rename to patches/manual-document-mt-safety-libdl.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=290ed306adba817ec4cb4f5207e63269e7990930
commit 290ed306adba817ec4cb4f5207e63269e7990930
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dfd49e9a54444aeb91fb80326a2b52b1b2b4fe5f
commit dfd49e9a54444aeb91fb80326a2b52b1b2b4fe5f
Merge: f843e04 290ed30 df39456
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:36 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f843e04b4c4cd54ee3f947dc222945f2d82812c6
commit f843e04b4c4cd54ee3f947dc222945f2d82812c6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:36 2013 -0300
float
diff --git a/meta b/meta
index 499b44d..2107ada 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 07cc4f7a608825d04282ff8cf93024496dbcd0dd
-Head: 178c538fec626552e7ec57072a93b3715623e6ac
+Previous: df394563a1a1bdefbb23875c4edfd069bebfc906
+Head: 290ed306adba817ec4cb4f5207e63269e7990930
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -15,6 +15,7 @@ Applied:
manual-document-mt-safety-errno.patch: 4c83ae2974e8153950355eca983b33e13bad7490
manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
+ wip-manual-document-mt-safety-libdl.patch: 290ed306adba817ec4cb4f5207e63269e7990930
Unapplied:
manual-document-mt-safety-job.patch: 07add391d6215283f7338e451060a144bd241bd9
manual-document-mt-safety-lang.patch: 722fae4ea63db2a00f51c08a14d723ad87fd97d9
@@ -23,7 +24,6 @@ Unapplied:
manual-document-mt-safety-resource.patch: 70fda0831b0d41b658cc1f962cc520e9c16d213e
manual-document-mt-safety-search.patch: c0dcc89166196b52cae3da929ae1573d65a3a79f
manual-document-mt-safety-stdio.patch: 3af704e77dec1dd398bc0f54ca39b1699c0302fe
- wip-manual-document-mt-safety-libdl.patch: 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
wip-manual-document-mt-safety-locale.patch: 726e2d92020c1b7d1143d63c5b5137132e418c71
wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
diff --git a/patches/wip-manual-document-mt-safety-libdl.patch b/patches/wip-manual-document-mt-safety-libdl.patch
index 3be5a88..abfb497 100644
--- a/patches/wip-manual-document-mt-safety-libdl.patch
+++ b/patches/wip-manual-document-mt-safety-libdl.patch
@@ -1,5 +1,5 @@
-Bottom: 1ce30a1e33cc504649b7c4c096dbbfb1141d92f9
-Top: 52792116005976e16d455f880f0b2d381882e671
+Bottom: 18760d732995b8379bc372377398a8fd58732762
+Top: 08a4456877254843d89c18fe88e4c0431857fcff
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:59 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=df394563a1a1bdefbb23875c4edfd069bebfc906
commit df394563a1a1bdefbb23875c4edfd069bebfc906
Merge: 9803524 07cc4f7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:31 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=980352436391bca67ab0913116cf51fb5f9576a2
commit 980352436391bca67ab0913116cf51fb5f9576a2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:31 2013 -0300
goto
diff --git a/meta b/meta
index 4d6d6fe..499b44d 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 89dab3a09c52dc578a0bf773023be89522f9e07c
-Head: 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
+Previous: 07cc4f7a608825d04282ff8cf93024496dbcd0dd
+Head: 178c538fec626552e7ec57072a93b3715623e6ac
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -15,6 +15,7 @@ Applied:
manual-document-mt-safety-errno.patch: 4c83ae2974e8153950355eca983b33e13bad7490
manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
+Unapplied:
manual-document-mt-safety-job.patch: 07add391d6215283f7338e451060a144bd241bd9
manual-document-mt-safety-lang.patch: 722fae4ea63db2a00f51c08a14d723ad87fd97d9
manual-document-mt-safety-llio.patch: 40fb222a22df4ba14615f2276530f1f17682e084
@@ -23,7 +24,6 @@ Applied:
manual-document-mt-safety-search.patch: c0dcc89166196b52cae3da929ae1573d65a3a79f
manual-document-mt-safety-stdio.patch: 3af704e77dec1dd398bc0f54ca39b1699c0302fe
wip-manual-document-mt-safety-libdl.patch: 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
-Unapplied:
wip-manual-document-mt-safety-locale.patch: 726e2d92020c1b7d1143d63c5b5137132e418c71
wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=07cc4f7a608825d04282ff8cf93024496dbcd0dd
commit 07cc4f7a608825d04282ff8cf93024496dbcd0dd
Merge: 4fbe0fd 89dab3a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:14 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4fbe0fd02915da0b97c6193433f064858047097f
commit 4fbe0fd02915da0b97c6193433f064858047097f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:14 2013 -0300
rename
diff --git a/meta b/meta
index a56a1ba..4d6d6fe 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 683b11d7ba63f7d33a738ee3e455d709430060a5
+Previous: 89dab3a09c52dc578a0bf773023be89522f9e07c
Head: 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
@@ -22,7 +22,7 @@ Applied:
manual-document-mt-safety-resource.patch: 70fda0831b0d41b658cc1f962cc520e9c16d213e
manual-document-mt-safety-search.patch: c0dcc89166196b52cae3da929ae1573d65a3a79f
manual-document-mt-safety-stdio.patch: 3af704e77dec1dd398bc0f54ca39b1699c0302fe
- manual-document-mt-safety-libdl.patch: 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
+ wip-manual-document-mt-safety-libdl.patch: 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
Unapplied:
wip-manual-document-mt-safety-locale.patch: 726e2d92020c1b7d1143d63c5b5137132e418c71
wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/wip-manual-document-mt-safety-libdl.patch
similarity index 100%
rename from patches/manual-document-mt-safety-libdl.patch
rename to patches/wip-manual-document-mt-safety-libdl.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=89dab3a09c52dc578a0bf773023be89522f9e07c
commit 89dab3a09c52dc578a0bf773023be89522f9e07c
Merge: 04e9c88 683b11d 1c3dd47
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:10 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=04e9c88f083f13dcd5dc89ec56408b62c0a3ce65
commit 04e9c88f083f13dcd5dc89ec56408b62c0a3ce65
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:10 2013 -0300
float
diff --git a/meta b/meta
index 8eb614f..a56a1ba 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 4ad8782a5913237d5f4f4770c0cb2997bf1e5d39
-Head: e69879f1fd2ffbc9da13aecf65eb9a6d2a10932d
+Previous: 683b11d7ba63f7d33a738ee3e455d709430060a5
+Head: 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -17,12 +17,12 @@ Applied:
manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
manual-document-mt-safety-job.patch: 07add391d6215283f7338e451060a144bd241bd9
manual-document-mt-safety-lang.patch: 722fae4ea63db2a00f51c08a14d723ad87fd97d9
- manual-document-mt-safety-libdl.patch: 5830f31e3722b9269c618a39bfd56052c609d711
- manual-document-mt-safety-llio.patch: f7b80d2460a6a65a292c067bfaf12d714767bcf9
- manual-document-mt-safety-math.patch: abf0509619f09c0ea5350931563012ae3f2a84ff
- manual-document-mt-safety-resource.patch: c3461a1ad69328498c40542218f476af25478aec
- manual-document-mt-safety-search.patch: 51c941036cb82913f64a97d34be1d4236cb6fd4f
- manual-document-mt-safety-stdio.patch: e69879f1fd2ffbc9da13aecf65eb9a6d2a10932d
+ manual-document-mt-safety-llio.patch: 40fb222a22df4ba14615f2276530f1f17682e084
+ manual-document-mt-safety-math.patch: 1f1722344cc379ee50d34f34beaf20fa65b35e2a
+ manual-document-mt-safety-resource.patch: 70fda0831b0d41b658cc1f962cc520e9c16d213e
+ manual-document-mt-safety-search.patch: c0dcc89166196b52cae3da929ae1573d65a3a79f
+ manual-document-mt-safety-stdio.patch: 3af704e77dec1dd398bc0f54ca39b1699c0302fe
+ manual-document-mt-safety-libdl.patch: 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
Unapplied:
wip-manual-document-mt-safety-locale.patch: 726e2d92020c1b7d1143d63c5b5137132e418c71
wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index 51626a1..3be5a88 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,5 +1,5 @@
-Bottom: 95e3af012c2d8222ce9c18f313b200f086405d32
-Top: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
+Bottom: 1ce30a1e33cc504649b7c4c096dbbfb1141d92f9
+Top: 52792116005976e16d455f880f0b2d381882e671
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:59 -0300
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index 274aefd..4f4042d 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
-Top: baf6738652c9240a7ea48273cff318ffb17716d8
+Bottom: 95e3af012c2d8222ce9c18f313b200f086405d32
+Top: d984e43548394d87c0dcc06e8f1f954337bf1f0b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:09:32 -0300
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index 9f1572f..bdc9eab 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
-Top: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
+Bottom: d984e43548394d87c0dcc06e8f1f954337bf1f0b
+Top: ed5585f43f682f64747d87313aa8fa6455b413af
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/manual-document-mt-safety-resource.patch
index 8309358..9cf449a 100644
--- a/patches/manual-document-mt-safety-resource.patch
+++ b/patches/manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
-Top: 77b17631d0ac215fede974ceace7c0d6c28a75cd
+Bottom: ed5585f43f682f64747d87313aa8fa6455b413af
+Top: e75af3e584fdb6c5c7a273cced643b65589309d7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/manual-document-mt-safety-search.patch
index 3e786ab..90717fa 100644
--- a/patches/manual-document-mt-safety-search.patch
+++ b/patches/manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: 77b17631d0ac215fede974ceace7c0d6c28a75cd
-Top: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
+Bottom: e75af3e584fdb6c5c7a273cced643b65589309d7
+Top: 0c26a00f734d8fe44375085ab3cbede5d3b6b712
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 1e0cfc0..e2e4efd 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
-Top: 52792116005976e16d455f880f0b2d381882e671
+Bottom: 0c26a00f734d8fe44375085ab3cbede5d3b6b712
+Top: 1ce30a1e33cc504649b7c4c096dbbfb1141d92f9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1c3dd47ad53efd25fa2a616493c73c3d197af0ff
commit 1c3dd47ad53efd25fa2a616493c73c3d197af0ff
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3af704e77dec1dd398bc0f54ca39b1699c0302fe
commit 3af704e77dec1dd398bc0f54ca39b1699c0302fe
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c0dcc89166196b52cae3da929ae1573d65a3a79f
commit c0dcc89166196b52cae3da929ae1573d65a3a79f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=70fda0831b0d41b658cc1f962cc520e9c16d213e
commit 70fda0831b0d41b658cc1f962cc520e9c16d213e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1f1722344cc379ee50d34f34beaf20fa65b35e2a
commit 1f1722344cc379ee50d34f34beaf20fa65b35e2a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=40fb222a22df4ba14615f2276530f1f17682e084
commit 40fb222a22df4ba14615f2276530f1f17682e084
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=683b11d7ba63f7d33a738ee3e455d709430060a5
commit 683b11d7ba63f7d33a738ee3e455d709430060a5
Merge: 087e7c5 4ad8782
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:03 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=087e7c525fc9850ac2362eb36f93945216d985b9
commit 087e7c525fc9850ac2362eb36f93945216d985b9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:19:03 2013 -0300
pop
diff --git a/meta b/meta
index f69e02d..8eb614f 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 33d29b6c8744e4e6e9ca69398c75e66fea7ee3ab
-Head: 726e2d92020c1b7d1143d63c5b5137132e418c71
+Previous: 4ad8782a5913237d5f4f4770c0cb2997bf1e5d39
+Head: e69879f1fd2ffbc9da13aecf65eb9a6d2a10932d
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -23,8 +23,8 @@ Applied:
manual-document-mt-safety-resource.patch: c3461a1ad69328498c40542218f476af25478aec
manual-document-mt-safety-search.patch: 51c941036cb82913f64a97d34be1d4236cb6fd4f
manual-document-mt-safety-stdio.patch: e69879f1fd2ffbc9da13aecf65eb9a6d2a10932d
- wip-manual-document-mt-safety-locale.patch: 726e2d92020c1b7d1143d63c5b5137132e418c71
Unapplied:
+ wip-manual-document-mt-safety-locale.patch: 726e2d92020c1b7d1143d63c5b5137132e418c71
wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4ad8782a5913237d5f4f4770c0cb2997bf1e5d39
commit 4ad8782a5913237d5f4f4770c0cb2997bf1e5d39
Merge: 6c92768 33d29b6 726e2d9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:16:12 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6c92768daac54ca055fa5e5e7a72f70982605cc9
commit 6c92768daac54ca055fa5e5e7a72f70982605cc9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:16:12 2013 -0300
float
diff --git a/meta b/meta
index 4f84155..f69e02d 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b5b96c66612e157138c818fc8a3efb61be698f64
-Head: 156684c20844d37d6b15b923f58aff88991696a9
+Previous: 33d29b6c8744e4e6e9ca69398c75e66fea7ee3ab
+Head: 726e2d92020c1b7d1143d63c5b5137132e418c71
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -19,11 +19,11 @@ Applied:
manual-document-mt-safety-lang.patch: 722fae4ea63db2a00f51c08a14d723ad87fd97d9
manual-document-mt-safety-libdl.patch: 5830f31e3722b9269c618a39bfd56052c609d711
manual-document-mt-safety-llio.patch: f7b80d2460a6a65a292c067bfaf12d714767bcf9
- wip-manual-document-mt-safety-locale.patch: ad4e6d6ef856e42ce04d66bc8c06c31523edb9bb
- manual-document-mt-safety-math.patch: 4651ae36240aaaf68cdb47687889274248e1274b
- manual-document-mt-safety-resource.patch: 42e85e03ab026a86c127b7d0ec7fb94e1a94f75f
- manual-document-mt-safety-search.patch: 974ea38cb1486c677456bd449b95ee18e3e7ecc3
- manual-document-mt-safety-stdio.patch: 156684c20844d37d6b15b923f58aff88991696a9
+ manual-document-mt-safety-math.patch: abf0509619f09c0ea5350931563012ae3f2a84ff
+ manual-document-mt-safety-resource.patch: c3461a1ad69328498c40542218f476af25478aec
+ manual-document-mt-safety-search.patch: 51c941036cb82913f64a97d34be1d4236cb6fd4f
+ manual-document-mt-safety-stdio.patch: e69879f1fd2ffbc9da13aecf65eb9a6d2a10932d
+ wip-manual-document-mt-safety-locale.patch: 726e2d92020c1b7d1143d63c5b5137132e418c71
Unapplied:
wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index 66820ca..9f1572f 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
-Top: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
+Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
+Top: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/manual-document-mt-safety-resource.patch
index 3fa9fb2..8309358 100644
--- a/patches/manual-document-mt-safety-resource.patch
+++ b/patches/manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
-Top: e27f818dd7517eeba6c572017e1d77241113d456
+Bottom: fca3ed18d5fc63652aeb45f6c8c8c8e1acfb3f02
+Top: 77b17631d0ac215fede974ceace7c0d6c28a75cd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/manual-document-mt-safety-search.patch
index fb52bb3..3e786ab 100644
--- a/patches/manual-document-mt-safety-search.patch
+++ b/patches/manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: e27f818dd7517eeba6c572017e1d77241113d456
-Top: 8ae75524ca0a1176e4323c74b73cb0722e710364
+Bottom: 77b17631d0ac215fede974ceace7c0d6c28a75cd
+Top: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 52710b6..1e0cfc0 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 8ae75524ca0a1176e4323c74b73cb0722e710364
-Top: a529301c800b3ca93ba927e5d69da7dd7cafbae7
+Bottom: cbe4e4c5b0ee9abd94487f5c47ff479c7d086400
+Top: 52792116005976e16d455f880f0b2d381882e671
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 6515b05..d5c1830 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
-Top: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
+Bottom: 52792116005976e16d455f880f0b2d381882e671
+Top: a529301c800b3ca93ba927e5d69da7dd7cafbae7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=726e2d92020c1b7d1143d63c5b5137132e418c71
commit 726e2d92020c1b7d1143d63c5b5137132e418c71
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e69879f1fd2ffbc9da13aecf65eb9a6d2a10932d
commit e69879f1fd2ffbc9da13aecf65eb9a6d2a10932d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=51c941036cb82913f64a97d34be1d4236cb6fd4f
commit 51c941036cb82913f64a97d34be1d4236cb6fd4f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c3461a1ad69328498c40542218f476af25478aec
commit c3461a1ad69328498c40542218f476af25478aec
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=abf0509619f09c0ea5350931563012ae3f2a84ff
commit abf0509619f09c0ea5350931563012ae3f2a84ff
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=33d29b6c8744e4e6e9ca69398c75e66fea7ee3ab
commit 33d29b6c8744e4e6e9ca69398c75e66fea7ee3ab
Merge: d2b3902 b5b96c6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:16:07 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d2b3902ab3a56c273b4b0f8ceeafdac43505d564
commit d2b3902ab3a56c273b4b0f8ceeafdac43505d564
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:16:07 2013 -0300
pop
diff --git a/meta b/meta
index 1907fbf..4f84155 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 6343a1a039c34d3c7408f4bb560c2515343360eb
-Head: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
+Previous: b5b96c66612e157138c818fc8a3efb61be698f64
+Head: 156684c20844d37d6b15b923f58aff88991696a9
Applied:
manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
@@ -24,8 +24,8 @@ Applied:
manual-document-mt-safety-resource.patch: 42e85e03ab026a86c127b7d0ec7fb94e1a94f75f
manual-document-mt-safety-search.patch: 974ea38cb1486c677456bd449b95ee18e3e7ecc3
manual-document-mt-safety-stdio.patch: 156684c20844d37d6b15b923f58aff88991696a9
- wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
Unapplied:
+ wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b5b96c66612e157138c818fc8a3efb61be698f64
commit b5b96c66612e157138c818fc8a3efb61be698f64
Merge: cd4a235 a51d72b 6343a1a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:16:02 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cd4a235dffc1bc75049f7e08307c6784bd0c4868
commit cd4a235dffc1bc75049f7e08307c6784bd0c4868
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:16:02 2013 -0300
float
diff --git a/meta b/meta
index 1943013..1907fbf 100644
--- a/meta
+++ b/meta
@@ -1,30 +1,30 @@
Version: 1
-Previous: 62bbc3d80d58e685b5c3e655681849574ef8b421
-Head: cd940c77f411533af456e9cec1af020887deb9f7
+Previous: 6343a1a039c34d3c7408f4bb560c2515343360eb
+Head: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
Applied:
- wip-manual-document-mt-safety-startup.patch: 805b53d0709375c42ca52cdb1b8e1a9e9dc041a1
- manual-document-mt-safety.patch: 6302ecd89c407c9fa96dd9a6263175c8ef1dee48
- powerpc-nofpu-sim-note-nothread.patch: ebf259b70d2e3b3122af4e09e78b5112f9160389
- unused-scalb-is-scalbn.patch: cfe805ba9962e7ecb02cb7d91f07e877fccc1742
- manual-document-mt-safety-argp.patch: 12aba27e1c96ff9703ea9423bf471fa3f0454616
- manual-document-mt-safety-arith.patch: d4bc90d431da292824c33273485aab09d0c9ada3
- manual-document-mt-safety-charset.patch: 71ab9cf6aa2f9992310fda06683ba6db44faff8a
- manual-document-mt-safety-conf.patch: 0a6834ab437d116e8ebd6d9c7232f1daaf23e892
- manual-document-mt-safety-crypt.patch: 39e993dc2ae9653217a042eeedfe06456f1c9ea0
- manual-document-mt-safety-ctype.patch: 7ac8448e6d04eff177c2c665fdcbb07c93a917ad
- manual-document-mt-safety-debug.patch: 35461a82e984e8751071f7c46c048d911397fb9e
- manual-document-mt-safety-errno.patch: df11bbcd0fcc1b33c747f8e9cb13d296575e0f3e
- manual-document-mt-safety-filesys.patch: 833600d06ecc585f1dd82165a6c0af8f0b6e82c2
- manual-document-mt-safety-getopt.patch: 54959e6a17b3ca7272b56edee5293cea3b346c5f
- manual-document-mt-safety-job.patch: c25daa987c90bfad25cb4e1273fd92cf71fdf232
- manual-document-mt-safety-lang.patch: d6fbd9b15e0b0a304a84dd9a10e07d1a7b94ddfa
- manual-document-mt-safety-libdl.patch: bf1322ac2f5a65a30bc797fa97ba036fa9ded52b
- manual-document-mt-safety-llio.patch: c42f6feb7f97230157c3ceb687a159b84bb4d7d8
- wip-manual-document-mt-safety-locale.patch: e8c35213fe8fef0412e66e661ebd802026da720b
- manual-document-mt-safety-math.patch: 0fd2970206a6c8a76bebacec7637139b2007fb7e
- manual-document-mt-safety-resource.patch: b01f62db5594863fa7579f21f05ad57104fa679d
- manual-document-mt-safety-search.patch: fbbed37c987a939b69864e80aa62d0a79af16d45
- manual-document-mt-safety-stdio.patch: cd940c77f411533af456e9cec1af020887deb9f7
+ manual-document-mt-safety.patch: b636b87be9756886bb0f9f1396c31b42d3f83c23
+ powerpc-nofpu-sim-note-nothread.patch: 22b44b5585a77352a33172a9583ea1e002e1602c
+ unused-scalb-is-scalbn.patch: b290d7167651106f65de65171d52b70c6188329a
+ manual-document-mt-safety-argp.patch: 5604d817c0a7feccf5aa0dfa7cb2d583d86ec65f
+ manual-document-mt-safety-arith.patch: f4268118ff7169b7016697e2344525b93dd6be01
+ manual-document-mt-safety-charset.patch: 2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
+ manual-document-mt-safety-conf.patch: ada59d4ba350be38e3b5d960053eac19f0c22bf1
+ manual-document-mt-safety-crypt.patch: 06242cab8769046e2c3e9670de0b0e664f9624ef
+ manual-document-mt-safety-ctype.patch: 776df644b03f53de0e1d21d4b6e8df0fb287117e
+ manual-document-mt-safety-debug.patch: 90470ebb84408d72de8a13806b2e84801fbcc026
+ manual-document-mt-safety-errno.patch: 4c83ae2974e8153950355eca983b33e13bad7490
+ manual-document-mt-safety-filesys.patch: 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
+ manual-document-mt-safety-getopt.patch: 178c538fec626552e7ec57072a93b3715623e6ac
+ manual-document-mt-safety-job.patch: 07add391d6215283f7338e451060a144bd241bd9
+ manual-document-mt-safety-lang.patch: 722fae4ea63db2a00f51c08a14d723ad87fd97d9
+ manual-document-mt-safety-libdl.patch: 5830f31e3722b9269c618a39bfd56052c609d711
+ manual-document-mt-safety-llio.patch: f7b80d2460a6a65a292c067bfaf12d714767bcf9
+ wip-manual-document-mt-safety-locale.patch: ad4e6d6ef856e42ce04d66bc8c06c31523edb9bb
+ manual-document-mt-safety-math.patch: 4651ae36240aaaf68cdb47687889274248e1274b
+ manual-document-mt-safety-resource.patch: 42e85e03ab026a86c127b7d0ec7fb94e1a94f75f
+ manual-document-mt-safety-search.patch: 974ea38cb1486c677456bd449b95ee18e3e7ecc3
+ manual-document-mt-safety-stdio.patch: 156684c20844d37d6b15b923f58aff88991696a9
+ wip-manual-document-mt-safety-startup.patch: a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
Unapplied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 482ace8..914e844 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,5 +1,5 @@
-Bottom: 3015208671bba3feaab85a1d0587333944496507
-Top: 3bf770a43ecbc7a48273b81910c72f77782ed1ca
+Bottom: 6ef173fc60a9c842433354081fa0216e4430c1b8
+Top: 206cd625e1e8e8dc3e141cdd29c90772cf35e923
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 21:57:08 -0300
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 49910ab..49b1456 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
-Bottom: 3bf770a43ecbc7a48273b81910c72f77782ed1ca
-Top: f0342b90632c74b9a721b35d9c95ea85919ae5a4
+Bottom: 206cd625e1e8e8dc3e141cdd29c90772cf35e923
+Top: 260809414e54f35864ab54b52fdbff3517f05f2e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-charset.patch b/patches/manual-document-mt-safety-charset.patch
index 9e69579..c4d22ae 100644
--- a/patches/manual-document-mt-safety-charset.patch
+++ b/patches/manual-document-mt-safety-charset.patch
@@ -1,5 +1,5 @@
-Bottom: f0342b90632c74b9a721b35d9c95ea85919ae5a4
-Top: e24c4115f83f7eb92649db91634e17593123738e
+Bottom: 260809414e54f35864ab54b52fdbff3517f05f2e
+Top: 0ed3cc03efad5a94ba0a48cd696ec823658ac35b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:01:33 -0300
diff --git a/patches/manual-document-mt-safety-conf.patch b/patches/manual-document-mt-safety-conf.patch
index 920632a..0db760e 100644
--- a/patches/manual-document-mt-safety-conf.patch
+++ b/patches/manual-document-mt-safety-conf.patch
@@ -1,5 +1,5 @@
-Bottom: e24c4115f83f7eb92649db91634e17593123738e
-Top: b5ee8a1d755fc9b47ec6c5b52642ba912dd57f1c
+Bottom: 0ed3cc03efad5a94ba0a48cd696ec823658ac35b
+Top: 621eb53ac8713123406be43ebd474132b7c6e4de
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:16 -0300
diff --git a/patches/manual-document-mt-safety-crypt.patch b/patches/manual-document-mt-safety-crypt.patch
index 6f5b2da..20411b6 100644
--- a/patches/manual-document-mt-safety-crypt.patch
+++ b/patches/manual-document-mt-safety-crypt.patch
@@ -1,5 +1,5 @@
-Bottom: b5ee8a1d755fc9b47ec6c5b52642ba912dd57f1c
-Top: 8d7d2a6304d608c30830622d547d0885c92e4088
+Bottom: 621eb53ac8713123406be43ebd474132b7c6e4de
+Top: 25551ef91682bea014db1b2031e4dad60a4ba129
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:47 -0300
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index 860831d..8700f8e 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: 8d7d2a6304d608c30830622d547d0885c92e4088
-Top: b68c41c74be21ce5c0d141f46075c7c4824255a0
+Bottom: 25551ef91682bea014db1b2031e4dad60a4ba129
+Top: 1fe3a56b7e61d235687df61e4d4bded8e7283992
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
index bbd624b..2063a20 100644
--- a/patches/manual-document-mt-safety-debug.patch
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -1,5 +1,5 @@
-Bottom: b68c41c74be21ce5c0d141f46075c7c4824255a0
-Top: 8825d25214af5bd5f5000d77da51dd0136ce4967
+Bottom: 1fe3a56b7e61d235687df61e4d4bded8e7283992
+Top: 5add8b2d9a79567d15e402219a50ddf6704cdcea
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:11 -0300
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
index 4c0d22a..7b30386 100644
--- a/patches/manual-document-mt-safety-errno.patch
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -1,5 +1,5 @@
-Bottom: 8825d25214af5bd5f5000d77da51dd0136ce4967
-Top: 3c15ad10698d40f3a9a3f3cf4d5494cdbb3f36d3
+Bottom: 5add8b2d9a79567d15e402219a50ddf6704cdcea
+Top: 50fd6f363b9af88ae1e05db55cefcd1e41c10123
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:34 -0300
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index 27656d8..7b4e146 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,5 +1,5 @@
-Bottom: 3c15ad10698d40f3a9a3f3cf4d5494cdbb3f36d3
-Top: 19a289ef47d8b90cc68b095d1ee674a14b6cfcd6
+Bottom: 50fd6f363b9af88ae1e05db55cefcd1e41c10123
+Top: c0467ea68e04c4b52c9c771dad681e1220291a6a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:03 -0300
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index 18640dd..753c8f5 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,5 +1,5 @@
-Bottom: 19a289ef47d8b90cc68b095d1ee674a14b6cfcd6
-Top: e4f410db325f1ed99571de968b979924a181518e
+Bottom: c0467ea68e04c4b52c9c771dad681e1220291a6a
+Top: 18760d732995b8379bc372377398a8fd58732762
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:36 -0300
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index 8683ffe..b4d3b96 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,5 +1,5 @@
-Bottom: e4f410db325f1ed99571de968b979924a181518e
-Top: 4ea71e22c9fe558431bb0c09aff41b873f8cb26a
+Bottom: 18760d732995b8379bc372377398a8fd58732762
+Top: 78811ad7f6f34dae902d17fe9939b1ed2877fc8c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:15 -0300
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index 45c3684..eef82af 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,5 +1,5 @@
-Bottom: 4ea71e22c9fe558431bb0c09aff41b873f8cb26a
-Top: 8308f7496ee59e742bc30a47396ed16b09f4ed78
+Bottom: 78811ad7f6f34dae902d17fe9939b1ed2877fc8c
+Top: 95e3af012c2d8222ce9c18f313b200f086405d32
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:32 -0300
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index f0ef929..51626a1 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,5 +1,5 @@
-Bottom: 8308f7496ee59e742bc30a47396ed16b09f4ed78
-Top: e209dda6062453b563bc99b39fdc7f9a8c570777
+Bottom: 95e3af012c2d8222ce9c18f313b200f086405d32
+Top: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:59 -0300
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index de6b6dc..274aefd 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: e209dda6062453b563bc99b39fdc7f9a8c570777
-Top: 5f68670b8dd4ad6830a841a3dc70f473f514faaf
+Bottom: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
+Top: baf6738652c9240a7ea48273cff318ffb17716d8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:09:32 -0300
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index 1d22852..66820ca 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 40bcd99e1057f6cfbf0a4f7686699d08270ed358
-Top: 151392b3790f3070194c6e79b03e9b88b9fb3052
+Bottom: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
+Top: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/manual-document-mt-safety-resource.patch
index 6cbd7ab..3fa9fb2 100644
--- a/patches/manual-document-mt-safety-resource.patch
+++ b/patches/manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 151392b3790f3070194c6e79b03e9b88b9fb3052
-Top: fc7b8a7dee8f458b513deaaf4f60d03ca33535c2
+Bottom: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
+Top: e27f818dd7517eeba6c572017e1d77241113d456
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/manual-document-mt-safety-search.patch
index 8e3e36f..fb52bb3 100644
--- a/patches/manual-document-mt-safety-search.patch
+++ b/patches/manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: fc7b8a7dee8f458b513deaaf4f60d03ca33535c2
-Top: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
+Bottom: e27f818dd7517eeba6c572017e1d77241113d456
+Top: 8ae75524ca0a1176e4323c74b73cb0722e710364
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 8b416af..52710b6 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
-Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
+Bottom: 8ae75524ca0a1176e4323c74b73cb0722e710364
+Top: a529301c800b3ca93ba927e5d69da7dd7cafbae7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index 36caa7a..e164c49 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,5 +1,5 @@
-Bottom: 5efab0c449ae83db3aa70ebd97b31e7fb29fe50b
-Top: 72ab4d51f78fd9a15e02a670cc921a59761f3ffb
+Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
+Top: c59759fbdfb422ada848ebdd3845677059986449
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
index a1d126e..7f2c050 100644
--- a/patches/powerpc-nofpu-sim-note-nothread.patch
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -1,5 +1,5 @@
-Bottom: 72ab4d51f78fd9a15e02a670cc921a59761f3ffb
-Top: 47b4fcd31a0f1ee3c6e9b10a9512e2afc2975e5f
+Bottom: c59759fbdfb422ada848ebdd3845677059986449
+Top: a8bc26b023f2d43016f043a1972e12edc1f31f8d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index 62fcad2..0fa4208 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,5 +1,5 @@
-Bottom: 47b4fcd31a0f1ee3c6e9b10a9512e2afc2975e5f
-Top: 3015208671bba3feaab85a1d0587333944496507
+Bottom: a8bc26b023f2d43016f043a1972e12edc1f31f8d
+Top: 6ef173fc60a9c842433354081fa0216e4430c1b8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 2c23cb9..6515b05 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: 5f68670b8dd4ad6830a841a3dc70f473f514faaf
-Top: 40bcd99e1057f6cfbf0a4f7686699d08270ed358
+Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
+Top: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index 6de832f..0cf63b1 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
-Top: 5efab0c449ae83db3aa70ebd97b31e7fb29fe50b
+Bottom: a529301c800b3ca93ba927e5d69da7dd7cafbae7
+Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
commit a51d72b2f27eae1bcf41a5aeb4718ed837ef2701
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=156684c20844d37d6b15b923f58aff88991696a9
commit 156684c20844d37d6b15b923f58aff88991696a9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=974ea38cb1486c677456bd449b95ee18e3e7ecc3
commit 974ea38cb1486c677456bd449b95ee18e3e7ecc3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=42e85e03ab026a86c127b7d0ec7fb94e1a94f75f
commit 42e85e03ab026a86c127b7d0ec7fb94e1a94f75f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=178c538fec626552e7ec57072a93b3715623e6ac
commit 178c538fec626552e7ec57072a93b3715623e6ac
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:36 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=722fae4ea63db2a00f51c08a14d723ad87fd97d9
commit 722fae4ea63db2a00f51c08a14d723ad87fd97d9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f7b80d2460a6a65a292c067bfaf12d714767bcf9
commit f7b80d2460a6a65a292c067bfaf12d714767bcf9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4651ae36240aaaf68cdb47687889274248e1274b
commit 4651ae36240aaaf68cdb47687889274248e1274b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
commit 75c783a7f653a4396cb2f3a1314fac5bda1b5a8f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..2244025 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=07add391d6215283f7338e451060a144bd241bd9
commit 07add391d6215283f7338e451060a144bd241bd9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5830f31e3722b9269c618a39bfd56052c609d711
commit 5830f31e3722b9269c618a39bfd56052c609d711
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ad4e6d6ef856e42ce04d66bc8c06c31523edb9bb
commit ad4e6d6ef856e42ce04d66bc8c06c31523edb9bb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4c83ae2974e8153950355eca983b33e13bad7490
commit 4c83ae2974e8153950355eca983b33e13bad7490
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:34 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=90470ebb84408d72de8a13806b2e84801fbcc026
commit 90470ebb84408d72de8a13806b2e84801fbcc026
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:11 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=776df644b03f53de0e1d21d4b6e8df0fb287117e
commit 776df644b03f53de0e1d21d4b6e8df0fb287117e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=06242cab8769046e2c3e9670de0b0e664f9624ef
commit 06242cab8769046e2c3e9670de0b0e664f9624ef
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:47 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ada59d4ba350be38e3b5d960053eac19f0c22bf1
commit ada59d4ba350be38e3b5d960053eac19f0c22bf1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:16 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/conf.texi: Document thread safety properties.
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
commit 2ba73f56d3ec95471df9cefd6db9935ec8bdc4ef
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2bd5708daeac2ff089c6eebd6944f4ced306e4d8
commit 2bd5708daeac2ff089c6eebd6944f4ced306e4d8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..07f27c9 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,411 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards to ensure consistency. To ensure MT- and
+AS-Safe behavior, callers must ensure that the objects passed in are not
+modified concurrently by other threads or signal handlers.
+
+
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+propertes we documentated are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b636b87be9756886bb0f9f1396c31b42d3f83c23
commit b636b87be9756886bb0f9f1396c31b42d3f83c23
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..e47832c 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,411 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards to ensure consistency. To ensure MT- and
+AS-Safe behavior, callers must ensure that the objects passed in are not
+modified concurrently by other threads or signal handlers.
+
+
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+propertes we documentated are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f4268118ff7169b7016697e2344525b93dd6be01
commit f4268118ff7169b7016697e2344525b93dd6be01
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5604d817c0a7feccf5aa0dfa7cb2d583d86ec65f
commit 5604d817c0a7feccf5aa0dfa7cb2d583d86ec65f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b290d7167651106f65de65171d52b70c6188329a
commit b290d7167651106f65de65171d52b70c6188329a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=22b44b5585a77352a33172a9583ea1e002e1602c
commit 22b44b5585a77352a33172a9583ea1e002e1602c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
for ports/ChangeLog.powerpc
PR 15483
* sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
the need for thread-specific variables preserved across signal
handlers.
* sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
* sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
index fc061d0..e167033 100644
--- a/ports/sysdeps/powerpc/nofpu/sim-full.c
+++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
@@ -21,6 +21,11 @@
#include "soft-fp.h"
#include "soft-supp.h"
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
/* Global to store sticky exceptions. */
int __sim_exceptions __attribute__ ((nocommon));
libc_hidden_data_def (__sim_exceptions);
diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
index b9638bb..64a3d2a 100644
--- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
+++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
@@ -26,6 +26,11 @@ typedef union
} fenv_union_t;
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
index c2a190e..508d869 100644
--- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
@@ -54,6 +54,11 @@
#define FP_ROUNDMODE __sim_round_mode
#define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6343a1a039c34d3c7408f4bb560c2515343360eb
commit 6343a1a039c34d3c7408f4bb560c2515343360eb
Merge: 52c6e12 cd940c7 62bbc3d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:15:47 2013 -0300
sink
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=52c6e12e2a8d569f205756903cc1d228dcc428e5
commit 52c6e12e2a8d569f205756903cc1d228dcc428e5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:15:47 2013 -0300
sink
diff --git a/meta b/meta
index 0ca07b4..1943013 100644
--- a/meta
+++ b/meta
@@ -1,30 +1,30 @@
Version: 1
-Previous: dd7582572f4b13b728b2961d9fffe5f522a89528
-Head: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
+Previous: 62bbc3d80d58e685b5c3e655681849574ef8b421
+Head: cd940c77f411533af456e9cec1af020887deb9f7
Applied:
- manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
- powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
- unused-scalb-is-scalbn.patch: 62694b21850cd676e82306bc82418b952b9d3d31
- manual-document-mt-safety-argp.patch: 8b86b0ead9b1494ad7b0aa283a423813ed5e8bc7
- manual-document-mt-safety-arith.patch: 5a1a8a43ebaa9cc6a6dc182bd931fbca63e7d866
- manual-document-mt-safety-charset.patch: 296ae41496afc524f6f75648a3298a5419b46990
- manual-document-mt-safety-conf.patch: 95b0911edf2eb244430d9533ec0a8a3f7058581c
- manual-document-mt-safety-crypt.patch: e600904c5eab885a1a7c8aef6bb2f570bd201275
- manual-document-mt-safety-ctype.patch: 727a9c49e98194570a2c85e47c355bcc55398cd9
- manual-document-mt-safety-debug.patch: 7f89734934ba539d84fdf02163f64ae84f795ac9
- manual-document-mt-safety-errno.patch: b035d6eeb7b48636043919617d515c88522ba6c3
- manual-document-mt-safety-filesys.patch: d1d06a086358b876405130714e2c5cf0d7740ab8
- manual-document-mt-safety-getopt.patch: c48dff451b9a543c5f827092417468a0d6672c59
- manual-document-mt-safety-job.patch: 138c83afb5f7d92dcac1049f150b154d43addda2
- manual-document-mt-safety-lang.patch: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
- manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
- manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
- wip-manual-document-mt-safety-locale.patch: 26ea2d6064d2c298f6270e127600518ef48d28cf
- manual-document-mt-safety-math.patch: d3dde95c92ff8c7cd8e225a21b46c00449db834d
- manual-document-mt-safety-resource.patch: 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
- manual-document-mt-safety-search.patch: 72885eef5a5c94642ef40c16b2838f314908e7da
- wip-manual-document-mt-safety-startup.patch: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
- manual-document-mt-safety-stdio.patch: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
+ wip-manual-document-mt-safety-startup.patch: 805b53d0709375c42ca52cdb1b8e1a9e9dc041a1
+ manual-document-mt-safety.patch: 6302ecd89c407c9fa96dd9a6263175c8ef1dee48
+ powerpc-nofpu-sim-note-nothread.patch: ebf259b70d2e3b3122af4e09e78b5112f9160389
+ unused-scalb-is-scalbn.patch: cfe805ba9962e7ecb02cb7d91f07e877fccc1742
+ manual-document-mt-safety-argp.patch: 12aba27e1c96ff9703ea9423bf471fa3f0454616
+ manual-document-mt-safety-arith.patch: d4bc90d431da292824c33273485aab09d0c9ada3
+ manual-document-mt-safety-charset.patch: 71ab9cf6aa2f9992310fda06683ba6db44faff8a
+ manual-document-mt-safety-conf.patch: 0a6834ab437d116e8ebd6d9c7232f1daaf23e892
+ manual-document-mt-safety-crypt.patch: 39e993dc2ae9653217a042eeedfe06456f1c9ea0
+ manual-document-mt-safety-ctype.patch: 7ac8448e6d04eff177c2c665fdcbb07c93a917ad
+ manual-document-mt-safety-debug.patch: 35461a82e984e8751071f7c46c048d911397fb9e
+ manual-document-mt-safety-errno.patch: df11bbcd0fcc1b33c747f8e9cb13d296575e0f3e
+ manual-document-mt-safety-filesys.patch: 833600d06ecc585f1dd82165a6c0af8f0b6e82c2
+ manual-document-mt-safety-getopt.patch: 54959e6a17b3ca7272b56edee5293cea3b346c5f
+ manual-document-mt-safety-job.patch: c25daa987c90bfad25cb4e1273fd92cf71fdf232
+ manual-document-mt-safety-lang.patch: d6fbd9b15e0b0a304a84dd9a10e07d1a7b94ddfa
+ manual-document-mt-safety-libdl.patch: bf1322ac2f5a65a30bc797fa97ba036fa9ded52b
+ manual-document-mt-safety-llio.patch: c42f6feb7f97230157c3ceb687a159b84bb4d7d8
+ wip-manual-document-mt-safety-locale.patch: e8c35213fe8fef0412e66e661ebd802026da720b
+ manual-document-mt-safety-math.patch: 0fd2970206a6c8a76bebacec7637139b2007fb7e
+ manual-document-mt-safety-resource.patch: b01f62db5594863fa7579f21f05ad57104fa679d
+ manual-document-mt-safety-search.patch: fbbed37c987a939b69864e80aa62d0a79af16d45
+ manual-document-mt-safety-stdio.patch: cd940c77f411533af456e9cec1af020887deb9f7
Unapplied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 914e844..482ace8 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,5 +1,5 @@
-Bottom: 6ef173fc60a9c842433354081fa0216e4430c1b8
-Top: 206cd625e1e8e8dc3e141cdd29c90772cf35e923
+Bottom: 3015208671bba3feaab85a1d0587333944496507
+Top: 3bf770a43ecbc7a48273b81910c72f77782ed1ca
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 21:57:08 -0300
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 49b1456..49910ab 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
-Bottom: 206cd625e1e8e8dc3e141cdd29c90772cf35e923
-Top: 260809414e54f35864ab54b52fdbff3517f05f2e
+Bottom: 3bf770a43ecbc7a48273b81910c72f77782ed1ca
+Top: f0342b90632c74b9a721b35d9c95ea85919ae5a4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-charset.patch b/patches/manual-document-mt-safety-charset.patch
index c4d22ae..9e69579 100644
--- a/patches/manual-document-mt-safety-charset.patch
+++ b/patches/manual-document-mt-safety-charset.patch
@@ -1,5 +1,5 @@
-Bottom: 260809414e54f35864ab54b52fdbff3517f05f2e
-Top: 0ed3cc03efad5a94ba0a48cd696ec823658ac35b
+Bottom: f0342b90632c74b9a721b35d9c95ea85919ae5a4
+Top: e24c4115f83f7eb92649db91634e17593123738e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:01:33 -0300
diff --git a/patches/manual-document-mt-safety-conf.patch b/patches/manual-document-mt-safety-conf.patch
index 0db760e..920632a 100644
--- a/patches/manual-document-mt-safety-conf.patch
+++ b/patches/manual-document-mt-safety-conf.patch
@@ -1,5 +1,5 @@
-Bottom: 0ed3cc03efad5a94ba0a48cd696ec823658ac35b
-Top: 621eb53ac8713123406be43ebd474132b7c6e4de
+Bottom: e24c4115f83f7eb92649db91634e17593123738e
+Top: b5ee8a1d755fc9b47ec6c5b52642ba912dd57f1c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:16 -0300
diff --git a/patches/manual-document-mt-safety-crypt.patch b/patches/manual-document-mt-safety-crypt.patch
index 20411b6..6f5b2da 100644
--- a/patches/manual-document-mt-safety-crypt.patch
+++ b/patches/manual-document-mt-safety-crypt.patch
@@ -1,5 +1,5 @@
-Bottom: 621eb53ac8713123406be43ebd474132b7c6e4de
-Top: 25551ef91682bea014db1b2031e4dad60a4ba129
+Bottom: b5ee8a1d755fc9b47ec6c5b52642ba912dd57f1c
+Top: 8d7d2a6304d608c30830622d547d0885c92e4088
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:47 -0300
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index 8700f8e..860831d 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: 25551ef91682bea014db1b2031e4dad60a4ba129
-Top: 1fe3a56b7e61d235687df61e4d4bded8e7283992
+Bottom: 8d7d2a6304d608c30830622d547d0885c92e4088
+Top: b68c41c74be21ce5c0d141f46075c7c4824255a0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
index 2063a20..bbd624b 100644
--- a/patches/manual-document-mt-safety-debug.patch
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -1,5 +1,5 @@
-Bottom: 1fe3a56b7e61d235687df61e4d4bded8e7283992
-Top: 5add8b2d9a79567d15e402219a50ddf6704cdcea
+Bottom: b68c41c74be21ce5c0d141f46075c7c4824255a0
+Top: 8825d25214af5bd5f5000d77da51dd0136ce4967
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:11 -0300
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
index 7b30386..4c0d22a 100644
--- a/patches/manual-document-mt-safety-errno.patch
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -1,5 +1,5 @@
-Bottom: 5add8b2d9a79567d15e402219a50ddf6704cdcea
-Top: 50fd6f363b9af88ae1e05db55cefcd1e41c10123
+Bottom: 8825d25214af5bd5f5000d77da51dd0136ce4967
+Top: 3c15ad10698d40f3a9a3f3cf4d5494cdbb3f36d3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:34 -0300
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index 7b4e146..27656d8 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,5 +1,5 @@
-Bottom: 50fd6f363b9af88ae1e05db55cefcd1e41c10123
-Top: c0467ea68e04c4b52c9c771dad681e1220291a6a
+Bottom: 3c15ad10698d40f3a9a3f3cf4d5494cdbb3f36d3
+Top: 19a289ef47d8b90cc68b095d1ee674a14b6cfcd6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:03 -0300
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index 753c8f5..18640dd 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,5 +1,5 @@
-Bottom: c0467ea68e04c4b52c9c771dad681e1220291a6a
-Top: 18760d732995b8379bc372377398a8fd58732762
+Bottom: 19a289ef47d8b90cc68b095d1ee674a14b6cfcd6
+Top: e4f410db325f1ed99571de968b979924a181518e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:36 -0300
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
index b4d3b96..8683ffe 100644
--- a/patches/manual-document-mt-safety-job.patch
+++ b/patches/manual-document-mt-safety-job.patch
@@ -1,5 +1,5 @@
-Bottom: 18760d732995b8379bc372377398a8fd58732762
-Top: 78811ad7f6f34dae902d17fe9939b1ed2877fc8c
+Bottom: e4f410db325f1ed99571de968b979924a181518e
+Top: 4ea71e22c9fe558431bb0c09aff41b873f8cb26a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:15 -0300
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
index eef82af..45c3684 100644
--- a/patches/manual-document-mt-safety-lang.patch
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -1,5 +1,5 @@
-Bottom: 78811ad7f6f34dae902d17fe9939b1ed2877fc8c
-Top: 95e3af012c2d8222ce9c18f313b200f086405d32
+Bottom: 4ea71e22c9fe558431bb0c09aff41b873f8cb26a
+Top: 8308f7496ee59e742bc30a47396ed16b09f4ed78
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:32 -0300
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
index 51626a1..f0ef929 100644
--- a/patches/manual-document-mt-safety-libdl.patch
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -1,5 +1,5 @@
-Bottom: 95e3af012c2d8222ce9c18f313b200f086405d32
-Top: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
+Bottom: 8308f7496ee59e742bc30a47396ed16b09f4ed78
+Top: e209dda6062453b563bc99b39fdc7f9a8c570777
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:08:59 -0300
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
index 274aefd..de6b6dc 100644
--- a/patches/manual-document-mt-safety-llio.patch
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -1,5 +1,5 @@
-Bottom: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
-Top: baf6738652c9240a7ea48273cff318ffb17716d8
+Bottom: e209dda6062453b563bc99b39fdc7f9a8c570777
+Top: 5f68670b8dd4ad6830a841a3dc70f473f514faaf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:09:32 -0300
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index 66820ca..1d22852 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
-Top: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
+Bottom: 40bcd99e1057f6cfbf0a4f7686699d08270ed358
+Top: 151392b3790f3070194c6e79b03e9b88b9fb3052
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/manual-document-mt-safety-resource.patch
index 3fa9fb2..6cbd7ab 100644
--- a/patches/manual-document-mt-safety-resource.patch
+++ b/patches/manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
-Top: e27f818dd7517eeba6c572017e1d77241113d456
+Bottom: 151392b3790f3070194c6e79b03e9b88b9fb3052
+Top: fc7b8a7dee8f458b513deaaf4f60d03ca33535c2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/manual-document-mt-safety-search.patch
index fb52bb3..8e3e36f 100644
--- a/patches/manual-document-mt-safety-search.patch
+++ b/patches/manual-document-mt-safety-search.patch
@@ -1,5 +1,5 @@
-Bottom: e27f818dd7517eeba6c572017e1d77241113d456
-Top: 8ae75524ca0a1176e4323c74b73cb0722e710364
+Bottom: fc7b8a7dee8f458b513deaaf4f60d03ca33535c2
+Top: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:55 -0300
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index e164c49..36caa7a 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,5 +1,5 @@
-Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
-Top: c59759fbdfb422ada848ebdd3845677059986449
+Bottom: 5efab0c449ae83db3aa70ebd97b31e7fb29fe50b
+Top: 72ab4d51f78fd9a15e02a670cc921a59761f3ffb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
index 7f2c050..a1d126e 100644
--- a/patches/powerpc-nofpu-sim-note-nothread.patch
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -1,5 +1,5 @@
-Bottom: c59759fbdfb422ada848ebdd3845677059986449
-Top: a8bc26b023f2d43016f043a1972e12edc1f31f8d
+Bottom: 72ab4d51f78fd9a15e02a670cc921a59761f3ffb
+Top: 47b4fcd31a0f1ee3c6e9b10a9512e2afc2975e5f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index 0fa4208..62fcad2 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,5 +1,5 @@
-Bottom: a8bc26b023f2d43016f043a1972e12edc1f31f8d
-Top: 6ef173fc60a9c842433354081fa0216e4430c1b8
+Bottom: 47b4fcd31a0f1ee3c6e9b10a9512e2afc2975e5f
+Top: 3015208671bba3feaab85a1d0587333944496507
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 6515b05..2c23cb9 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
-Top: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
+Bottom: 5f68670b8dd4ad6830a841a3dc70f473f514faaf
+Top: 40bcd99e1057f6cfbf0a4f7686699d08270ed358
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
index cd2fcf0..6de832f 100644
--- a/patches/wip-manual-document-mt-safety-startup.patch
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -1,5 +1,5 @@
-Bottom: 8ae75524ca0a1176e4323c74b73cb0722e710364
-Top: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
+Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
+Top: 5efab0c449ae83db3aa70ebd97b31e7fb29fe50b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:12:28 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cd940c77f411533af456e9cec1af020887deb9f7
commit cd940c77f411533af456e9cec1af020887deb9f7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fbbed37c987a939b69864e80aa62d0a79af16d45
commit fbbed37c987a939b69864e80aa62d0a79af16d45
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b01f62db5594863fa7579f21f05ad57104fa679d
commit b01f62db5594863fa7579f21f05ad57104fa679d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0fd2970206a6c8a76bebacec7637139b2007fb7e
commit 0fd2970206a6c8a76bebacec7637139b2007fb7e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e8c35213fe8fef0412e66e661ebd802026da720b
commit e8c35213fe8fef0412e66e661ebd802026da720b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c42f6feb7f97230157c3ceb687a159b84bb4d7d8
commit c42f6feb7f97230157c3ceb687a159b84bb4d7d8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bf1322ac2f5a65a30bc797fa97ba036fa9ded52b
commit bf1322ac2f5a65a30bc797fa97ba036fa9ded52b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d6fbd9b15e0b0a304a84dd9a10e07d1a7b94ddfa
commit d6fbd9b15e0b0a304a84dd9a10e07d1a7b94ddfa
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c25daa987c90bfad25cb4e1273fd92cf71fdf232
commit c25daa987c90bfad25cb4e1273fd92cf71fdf232
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=54959e6a17b3ca7272b56edee5293cea3b346c5f
commit 54959e6a17b3ca7272b56edee5293cea3b346c5f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:36 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=833600d06ecc585f1dd82165a6c0af8f0b6e82c2
commit 833600d06ecc585f1dd82165a6c0af8f0b6e82c2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..2244025 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=df11bbcd0fcc1b33c747f8e9cb13d296575e0f3e
commit df11bbcd0fcc1b33c747f8e9cb13d296575e0f3e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:34 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=35461a82e984e8751071f7c46c048d911397fb9e
commit 35461a82e984e8751071f7c46c048d911397fb9e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:11 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7ac8448e6d04eff177c2c665fdcbb07c93a917ad
commit 7ac8448e6d04eff177c2c665fdcbb07c93a917ad
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=39e993dc2ae9653217a042eeedfe06456f1c9ea0
commit 39e993dc2ae9653217a042eeedfe06456f1c9ea0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:47 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0a6834ab437d116e8ebd6d9c7232f1daaf23e892
commit 0a6834ab437d116e8ebd6d9c7232f1daaf23e892
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:16 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/conf.texi: Document thread safety properties.
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=71ab9cf6aa2f9992310fda06683ba6db44faff8a
commit 71ab9cf6aa2f9992310fda06683ba6db44faff8a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d4bc90d431da292824c33273485aab09d0c9ada3
commit d4bc90d431da292824c33273485aab09d0c9ada3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=12aba27e1c96ff9703ea9423bf471fa3f0454616
commit 12aba27e1c96ff9703ea9423bf471fa3f0454616
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cfe805ba9962e7ecb02cb7d91f07e877fccc1742
commit cfe805ba9962e7ecb02cb7d91f07e877fccc1742
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ebf259b70d2e3b3122af4e09e78b5112f9160389
commit ebf259b70d2e3b3122af4e09e78b5112f9160389
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
for ports/ChangeLog.powerpc
PR 15483
* sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
the need for thread-specific variables preserved across signal
handlers.
* sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
* sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
index fc061d0..e167033 100644
--- a/ports/sysdeps/powerpc/nofpu/sim-full.c
+++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
@@ -21,6 +21,11 @@
#include "soft-fp.h"
#include "soft-supp.h"
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
/* Global to store sticky exceptions. */
int __sim_exceptions __attribute__ ((nocommon));
libc_hidden_data_def (__sim_exceptions);
diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
index b9638bb..64a3d2a 100644
--- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
+++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
@@ -26,6 +26,11 @@ typedef union
} fenv_union_t;
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
index c2a190e..508d869 100644
--- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
@@ -54,6 +54,11 @@
#define FP_ROUNDMODE __sim_round_mode
#define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6302ecd89c407c9fa96dd9a6263175c8ef1dee48
commit 6302ecd89c407c9fa96dd9a6263175c8ef1dee48
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..e47832c 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,411 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards to ensure consistency. To ensure MT- and
+AS-Safe behavior, callers must ensure that the objects passed in are not
+modified concurrently by other threads or signal handlers.
+
+
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+propertes we documentated are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=805b53d0709375c42ca52cdb1b8e1a9e9dc041a1
commit 805b53d0709375c42ca52cdb1b8e1a9e9dc041a1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=62bbc3d80d58e685b5c3e655681849574ef8b421
commit 62bbc3d80d58e685b5c3e655681849574ef8b421
Merge: 0e55a9c dd75825
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:15:37 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0e55a9c6ec47f13061f558ee8470974665beab5d
commit 0e55a9c6ec47f13061f558ee8470974665beab5d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:15:37 2013 -0300
pop
diff --git a/meta b/meta
index 67b2216..0ca07b4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 20f589de14be98a69a13023b7d7b978a7098b118
-Head: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
+Previous: dd7582572f4b13b728b2961d9fffe5f522a89528
+Head: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -25,9 +25,9 @@ Applied:
manual-document-mt-safety-search.patch: 72885eef5a5c94642ef40c16b2838f314908e7da
wip-manual-document-mt-safety-startup.patch: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
manual-document-mt-safety-stdio.patch: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
+Unapplied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
wip-manual-document-mt-safety-time.patch: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dd7582572f4b13b728b2961d9fffe5f522a89528
commit dd7582572f4b13b728b2961d9fffe5f522a89528
Merge: e6a6049 20f589d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:15:16 2013 -0300
delete
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e6a6049d014d552c0cf6925f4b29c47e927b4e28
commit e6a6049d014d552c0cf6925f4b29c47e927b4e28
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:15:16 2013 -0300
delete
diff --git a/meta b/meta
index 6208427..67b2216 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 3152fe9b71d25e5a079af8a12b1ab66c69174413
-Head: 4fbc047902ffe2e52e83f768573b9b8b0cdd8e7c
+Previous: 20f589de14be98a69a13023b7d7b978a7098b118
+Head: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -29,6 +29,5 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
wip-manual-document-mt-safety-time.patch: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
- manual-document-mt-safety-wip.patch: 4fbc047902ffe2e52e83f768573b9b8b0cdd8e7c
Unapplied:
Hidden:
diff --git a/patches/manual-document-mt-safety-wip.patch b/patches/manual-document-mt-safety-wip.patch
deleted file mode 100644
index 46ded4a..0000000
--- a/patches/manual-document-mt-safety-wip.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Bottom: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
-Top: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 15:29:41 -0300
-
-Thread safety documentation.
-
-for ChangeLog
-
- * manual/???.texi: Document thread safety properties.
-
-
----
-
-
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=20f589de14be98a69a13023b7d7b978a7098b118
commit 20f589de14be98a69a13023b7d7b978a7098b118
Merge: 9f26d9d 4fbc047 3152fe9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:15:04 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9f26d9d88a728ee83429283429062fd7da5352ec
commit 9f26d9d88a728ee83429283429062fd7da5352ec
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:15:04 2013 -0300
push
diff --git a/meta b/meta
index 2ab621e..6208427 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 32cc08f6887f254257307044a1da7e83889300d8
-Head: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
+Previous: 3152fe9b71d25e5a079af8a12b1ab66c69174413
+Head: 4fbc047902ffe2e52e83f768573b9b8b0cdd8e7c
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -29,6 +29,6 @@ Applied:
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
wip-manual-document-mt-safety-time.patch: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
+ manual-document-mt-safety-wip.patch: 4fbc047902ffe2e52e83f768573b9b8b0cdd8e7c
Unapplied:
- manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/manual-document-mt-safety-wip.patch b/patches/manual-document-mt-safety-wip.patch
index 0350f71..46ded4a 100644
--- a/patches/manual-document-mt-safety-wip.patch
+++ b/patches/manual-document-mt-safety-wip.patch
@@ -1,4 +1,4 @@
-Bottom: edfbd2bf9a8a7592b48fc6ddfd6dd6a196355d21
+Bottom: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
Top: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
@@ -12,1296 +12,4 @@ for ChangeLog
---
-diff --git a/manual/job.texi b/manual/job.texi
-index 4efeed3..779ea96 100644
---- a/manual/job.texi
-+++ b/manual/job.texi
-@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
- @comment stdio.h
- @comment POSIX.1
- @deftypefun {char *} ctermid (char *@var{string})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This function is a stub by default; the actual implementation, for
-+@c posix systems, returns an internal buffer if passed a NULL string,
-+@c but the internal buffer is always set to /dev/tty.
- The @code{ctermid} function returns a string containing the file name of
- the controlling terminal for the current process. If @var{string} is
- not a null pointer, it should be an array that can hold at least
-@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
- @comment unistd.h
- @comment POSIX.1
- @deftypefun pid_t setsid (void)
-+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
-+@c This is usually a direct syscall, but if a syscall is not available,
-+@c we use a stub, or Hurd- and BSD-specific implementations. The former
-+@c uses a mutex and a hurd critical section, and the latter issues a few
-+@c syscalls, so both seem safe, except for the locking on Hurd.
- The @code{setsid} function creates a new session. The calling process
- becomes the session leader, and is put in a new process group whose
- process group ID is the same as the process ID of that process. There
-@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
- @comment unistd.h
- @comment SVID
- @deftypefun pid_t getsid (pid_t @var{pid})
--
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Stub or direct syscall, except on hurd, where it is equally safe.
- The @code{getsid} function returns the process group ID of the session
- leader of the specified process. If a @var{pid} is @code{0}, the
- process group ID of the session leader of the current process is
-@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
- @comment unistd.h
- @comment POSIX.1
- @deftypefn {POSIX.1 Function} pid_t getpgrp (void)
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Wrapper for getpgid.
- The POSIX.1 definition of @code{getpgrp} returns the process group ID of
- the calling process.
- @end deftypefn
-@@ -1141,6 +1153,8 @@ the calling process.
- @comment unistd.h
- @comment BSD
- @deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Wrapper for getpgid.
- The BSD definition of @code{getpgrp} returns the process group ID of the
- process @var{pid}. You can supply a value of @code{0} for the @var{pid}
- argument to get information about the calling process.
-@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
- @comment unistd.h
- @comment SVID
- @deftypefn {System V Function} int getpgid (pid_t @var{pid})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Stub or direct syscall, except on hurd, where it is equally safe.
-
- @code{getpgid} is the same as the BSD function @code{getpgrp}. It
- returns the process group ID of the process @var{pid}. You can supply a
-@@ -1171,6 +1187,8 @@ process.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Stub or direct syscall, except on hurd, where it is equally safe.
- The @code{setpgid} function puts the process @var{pid} into the process
- group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
- be zero to indicate the process ID of the calling process.
-@@ -1208,6 +1226,8 @@ process or a child of the calling process.
- @comment unistd.h
- @comment BSD
- @deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Direct syscall or setpgid wrapper.
- This is the BSD Unix name for @code{setpgid}. Both functions do exactly
- the same thing.
- @end deftypefun
-@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun pid_t tcgetpgrp (int @var{filedes})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Stub, or ioctl on BSD and GNU/Linux.
- This function returns the process group ID of the foreground process
- group associated with the terminal open on descriptor @var{filedes}.
-
-@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Stub, or ioctl on BSD and GNU/Linux.
- This function is used to set a terminal's foreground process group ID.
- The argument @var{filedes} is a descriptor which specifies the terminal;
- @var{pgid} specifies the process group. The calling process must be a
-@@ -1297,6 +1321,8 @@ process.
- @comment termios.h
- @comment Unix98
- @deftypefun pid_t tcgetsid (int @var{fildes})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
- This function is used to obtain the process group ID of the session
- for which the terminal specified by @var{fildes} is the controlling terminal.
- If the call is successful the group ID is returned. Otherwise the
-diff --git a/manual/lang.texi b/manual/lang.texi
-index ee04e23..d6cd90c 100644
---- a/manual/lang.texi
-+++ b/manual/lang.texi
-@@ -51,6 +51,8 @@ without indicating anything might be wrong.
- @comment assert.h
- @comment ISO
- @deftypefn Macro void assert (int @var{expression})
-+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
-+@c assert_fail_base calls asprintf, and fflushes stderr.
- Verify the programmer's belief that @var{expression} is nonzero at
- this point in the program.
-
-@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
- @comment assert.h
- @comment GNU
- @deftypefn Macro void assert_perror (int @var{errnum})
-+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
-+@c assert_fail_base calls asprintf, and fflushes stderr.
- Similar to @code{assert}, but verifies that @var{errnum} is zero.
-
- If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
-@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
- @comment stdarg.h
- @comment ISO
- @deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is no longer provided by glibc, but rather by the compiler.
- This macro initializes the argument pointer variable @var{ap} to point
- to the first of the optional arguments of the current function;
- @var{last-required} must be the last required argument to the function.
-@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
- @comment stdarg.h
- @comment ISO
- @deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is no longer provided by glibc, but rather by the compiler.
- The @code{va_arg} macro returns the value of the next optional argument,
- and modifies the value of @var{ap} to point to the subsequent argument.
- Thus, successive uses of @code{va_arg} return successive optional
-@@ -445,6 +453,8 @@ of the actual argument.
- @comment stdarg.h
- @comment ISO
- @deftypefn {Macro} void va_end (va_list @var{ap})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is no longer provided by glibc, but rather by the compiler.
- This ends the use of @var{ap}. After a @code{va_end} call, further
- @code{va_arg} calls with the same @var{ap} may not work. You should invoke
- @code{va_end} before returning from the function in which @code{va_start}
-@@ -466,6 +476,8 @@ of the same type.
- @comment ISO
- @deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
- @deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is no longer provided by glibc, but rather by the compiler.
- The @code{va_copy} macro allows copying of objects of type
- @code{va_list} even if this is not an integral type. The argument pointer
- in @var{dest} is initialized to point to the same argument as the
-@@ -1212,6 +1224,8 @@ type of a particular structure member.
- @comment stddef.h
- @comment ISO
- @deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is no longer provided by glibc, but rather by the compiler.
- This expands to a integer constant expression that is the offset of the
- structure member named @var{member} in the structure type @var{type}.
- For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
-diff --git a/manual/libdl.texi b/manual/libdl.texi
-new file mode 100644
-index 0000000..e3fe045
---- /dev/null
-+++ b/manual/libdl.texi
-@@ -0,0 +1,10 @@
-+@c FIXME these are undocumented:
-+@c dladdr
-+@c dladdr1
-+@c dlclose
-+@c dlerror
-+@c dlinfo
-+@c dlmopen
-+@c dlopen
-+@c dlsym
-+@c dlvsym
-diff --git a/manual/llio.texi b/manual/llio.texi
-index b129cf4..66370c4 100644
---- a/manual/llio.texi
-+++ b/manual/llio.texi
-@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
- @comment fcntl.h
- @comment POSIX.1
- @deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
-+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
- The @code{open} function creates and returns a new file descriptor for
- the file named by @var{filename}. Initially, the file position
- indicator for the file is at the beginning of the file. The argument
-@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
- @comment fcntl.h
- @comment Unix98
- @deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
-+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
- This function is similar to @code{open}. It returns a file descriptor
- which can be used to access the file named by @var{filename}. The only
- difference is that on 32 bit systems the file is opened in the
-@@ -178,6 +180,7 @@ replaces the old API.
- @comment fcntl.h
- @comment POSIX.1
- @deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
- This function is obsolete. The call:
-
- @smallexample
-@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
- @comment fcntl.h
- @comment Unix98
- @deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
- This function is similar to @code{creat}. It returns a file descriptor
- which can be used to access the file named by @var{filename}. The only
- the difference is that on 32 bit systems the file is opened in the
-@@ -219,6 +223,7 @@ replaces the old API.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int close (int @var{filedes})
-+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
- The function @code{close} closes the file descriptor @var{filedes}.
- Closing a file has the following consequences:
-
-@@ -300,6 +305,7 @@ but must be a signed type.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{read} function reads up to @var{size} bytes from the file
- with descriptor @var{filedes}, storing the results in the @var{buffer}.
- (This is not necessarily a character string, and no terminating null
-@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
- @comment unistd.h
- @comment Unix98
- @deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
-+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
-+@c used anywhere?
- The @code{pread} function is similar to the @code{read} function. The
- first three arguments are identical, and the return values and error
- codes also correspond.
-@@ -430,6 +440,10 @@ version 2.
- @comment unistd.h
- @comment Unix98
- @deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
-+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
-+@c it used anywhere?
- This function is similar to the @code{pread} function. The difference
- is that the @var{offset} parameter is of type @code{off64_t} instead of
- @code{off_t} which makes it possible on 32 bit machines to address
-@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
- @comment unistd.h
- @comment POSIX.1
- @deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{write} function writes up to @var{size} bytes from
- @var{buffer} to the file with descriptor @var{filedes}. The data in
- @var{buffer} is not necessarily a character string and a null character is
-@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
- @comment unistd.h
- @comment Unix98
- @deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
-+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
-+@c used anywhere?
- The @code{pwrite} function is similar to the @code{write} function. The
- first three arguments are identical, and the return values and error codes
- also correspond.
-@@ -592,6 +611,10 @@ version 2.
- @comment unistd.h
- @comment Unix98
- @deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
-+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
-+@c is it used anywhere?
- This function is similar to the @code{pwrite} function. The difference
- is that the @var{offset} parameter is of type @code{off64_t} instead of
- @code{off_t} which makes it possible on 32 bit machines to address
-@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
- @comment unistd.h
- @comment POSIX.1
- @deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{lseek} function is used to change the file position of the
- file with descriptor @var{filedes}.
-
-@@ -713,6 +737,7 @@ descriptors.
- @comment unistd.h
- @comment Unix98
- @deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is similar to the @code{lseek} function. The difference
- is that the @var{offset} parameter is of type @code{off64_t} instead of
- @code{off_t} which makes it possible on 32 bit machines to address
-@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
- @comment stdio.h
- @comment POSIX.1
- @deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
- The @code{fdopen} function returns a new stream for the file descriptor
- @var{filedes}.
-
-@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
- @comment stdio.h
- @comment POSIX.1
- @deftypefun int fileno (FILE *@var{stream})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function returns the file descriptor associated with the stream
- @var{stream}. If an error is detected (for example, if the @var{stream}
- is not valid) or if @var{stream} does not do I/O to a file,
-@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
- @comment stdio.h
- @comment GNU
- @deftypefun int fileno_unlocked (FILE *@var{stream})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{fileno_unlocked} function is equivalent to the @code{fileno}
- function except that it does not implicitly lock the stream if the state
- is @code{FSETLOCKING_INTERNAL}.
-@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
- @comment sys/uio.h
- @comment BSD
- @deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
--
-+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
-+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
-+@c with old kernels that lack a full readv/writev implementation, may
-+@c malloc the buffer into which data is read, if the total read size is
-+@c too large for alloca.
- The @code{readv} function reads data from @var{filedes} and scatters it
- into the buffers described in @var{vector}, which is taken to be
- @var{count} structures long. As each buffer is filled, data is sent to the
-@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
- @comment sys/uio.h
- @comment BSD
- @deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
-+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
-+@c with old kernels that lack a full readv/writev implementation, may
-+@c malloc the buffer from which data is written, if the total write size
-+@c is too large for alloca.
-
- The @code{writev} function gathers data from the buffers described in
- @var{vector}, which is taken to be @var{count} structures long, and writes
-@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
- @comment sys/mman.h
- @comment POSIX
- @deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- The @code{mmap} function creates a new mapping, connected to bytes
- (@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
-@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
- @comment sys/mman.h
- @comment LFS
- @deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
-+@c is) would be thread-unsafe.
- The @code{mmap64} function is equivalent to the @code{mmap} function but
- the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
- this allows the file associated with the @var{filedes} descriptor to be
-@@ -1284,6 +1325,7 @@ replaces the old API.
- @comment sys/mman.h
- @comment POSIX
- @deftypefun int munmap (void *@var{addr}, size_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- @code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
- @var{length}). @var{length} should be the length of the mapping.
-@@ -1310,6 +1352,7 @@ aligned.
- @comment sys/mman.h
- @comment POSIX
- @deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- When using shared mappings, the kernel can write the file at any time
- before the mapping is removed. To be certain data has actually been
-@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
- @comment sys/mman.h
- @comment GNU
- @deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- This function can be used to change the size of an existing memory
- area. @var{address} and @var{length} must cover a region entirely mapped
-@@ -1405,6 +1449,7 @@ Coding Standards}.
- @comment sys/mman.h
- @comment POSIX
- @deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- This function can be used to provide the system with @var{advice} about
- the intended usage patterns of the memory region starting at @var{addr}
-@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
- @comment sys/types.h
- @comment BSD
- @deftypefn Macro void FD_ZERO (fd_set *@var{set})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro initializes the file descriptor set @var{set} to be the
- empty set.
- @end deftypefn
-@@ -1538,6 +1584,9 @@ empty set.
- @comment sys/types.h
- @comment BSD
- @deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Setting a bit isn't necessarily atomic, so there's a potential race
-+@c here if set is not used exclusively.
- This macro adds @var{filedes} to the file descriptor set @var{set}.
-
- The @var{filedes} parameter must not have side effects since it is
-@@ -1547,6 +1596,9 @@ evaluated more than once.
- @comment sys/types.h
- @comment BSD
- @deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Setting a bit isn't necessarily atomic, so there's a potential race
-+@c here if set is not used exclusively.
- This macro removes @var{filedes} from the file descriptor set @var{set}.
-
- The @var{filedes} parameter must not have side effects since it is
-@@ -1556,6 +1608,7 @@ evaluated more than once.
- @comment sys/types.h
- @comment BSD
- @deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value (true) if @var{filedes} is a member
- of the file descriptor set @var{set}, and zero (false) otherwise.
-
-@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
- @comment sys/types.h
- @comment BSD
- @deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c The select syscall is preferred, but pselect6 may be used instead,
-+@c which requires converting timeout to a timespec and back. The
-+@c conversions are not atomic.
- The @code{select} function blocks the calling process until there is
- activity on any of the specified sets of file descriptors, or until the
- timeout period has expired.
-@@ -1670,6 +1727,7 @@ they return.
- @comment unistd.h
- @comment X/Open
- @deftypefun void sync (void)
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- A call to this function will not return as long as there is data which
- has not been written to the device. All dirty buffers in the kernel will
- be written and so an overall consistent system can be achieved (if no
-@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
- @comment unistd.h
- @comment POSIX
- @deftypefun int fsync (int @var{fildes})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{fsync} function can be used to make sure all data associated with
- the open file @var{fildes} is written to the device associated with the
- descriptor. The function call does not return unless all actions have
-@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
- @comment unistd.h
- @comment POSIX
- @deftypefun int fdatasync (int @var{fildes})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- When a call to the @code{fdatasync} function returns, it is ensured
- that all of the file data is written to the device. For all pending I/O
- operations, the parts guaranteeing data integrity finished.
-@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
- @comment aio.h
- @comment POSIX.1b
- @deftypefun int aio_read (struct aiocb *@var{aiocbp})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
-+@c Calls aio_enqueue_request.
-+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
-+@c pthread_self ok
-+@c pthread_getschedparam selfdeadlock, lockleak
-+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
-+@c sched_getparam ok
-+@c sched_getscheduler ok
-+@c lll_unlock lockleak
-+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
-+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
-+@c realloc asmalloc, memleak
-+@c calloc asmalloc, memleak
-+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
-+@c pthread_attr_init ok
-+@c pthread_attr_setdetachstate ok
-+@c pthread_get_minstack ok
-+@c pthread_attr_setstacksize ok
-+@c sigfillset ok
-+@c memset ok
-+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
-+@c SYSCALL rt_sigprocmask ok
-+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
-+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
-+@c alloca/malloc asmalloc, memleak
-+@c lll_unlock lockleak
-+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
-+@c getpagesize dup
-+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
-+@c lll_unlock lockleak
-+@c _dl_allocate_tls asmalloc, memleak
-+@c _dl_allocate_tls_storage asmalloc, memleak
-+@c memalign asmalloc, memleak
-+@c memset ok
-+@c allocate_dtv dup
-+@c free asmalloc, memleak
-+@c allocate_dtv asmalloc, memleak
-+@c calloc asmalloc, memleak
-+@c INSTALL_DTV ok
-+@c list_add dup
-+@c get_cached_stack
-+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
-+@c list_for_each ok
-+@c list_entry dup
-+@c FREE_P dup
-+@c stack_list_del dup
-+@c stack_list_add dup
-+@c lll_unlock lockleak
-+@c _dl_allocate_tls_init ok
-+@c GET_DTV ok
-+@c mmap ok
-+@c atomic_increment_val ok
-+@c munmap ok
-+@c change_stack_perm ok
-+@c mprotect ok
-+@c mprotect ok
-+@c stack_list_del dup
-+@c _dl_deallocate_tls dup
-+@c munmap ok
-+@c THREAD_COPY_STACK_GUARD ok
-+@c THREAD_COPY_POINTER_GUARD ok
-+@c atomic_exchange_acq ok
-+@c lll_futex_wake ok
-+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
-+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
-+@c stack_list_del ok
-+@c atomic_write_barrier ok
-+@c list_del ok [uunguard]
-+@c atomic_write_barrier ok
-+@c queue_stack asmalloc, memleak
-+@c stack_list_add ok
-+@c atomic_write_barrier ok
-+@c list_add ok [uunguard]
-+@c atomic_write_barrier ok
-+@c free_stacks asmalloc, memleak
-+@c list_for_each_prev_safe ok
-+@c list_entry ok
-+@c FREE_P ok
-+@c stack_list_del dup
-+@c _dl_deallocate_tls dup
-+@c munmap ok
-+@c _dl_deallocate_tls asmalloc, memleak
-+@c free asmalloc, memleak
-+@c lll_unlock lockleak
-+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
-+@c td_eventword
-+@c td_eventmask
-+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
-+@c PREPARE_CREATE ok
-+@c lll_lock (pd->lock) selfdeadlock, lockleak
-+@c atomic_increment ok
-+@c clone ok
-+@c atomic_decrement ok
-+@c atomic_exchange_acq ok
-+@c lll_futex_wake ok
-+@c deallocate_stack dup
-+@c sched_setaffinity ok
-+@c tgkill ok
-+@c sched_setscheduler ok
-+@c atomic_compare_and_exchange_bool_acq ok
-+@c nptl_create_event ok
-+@c lll_unlock (pd->lock) lockleak
-+@c free asmalloc, memleak
-+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
-+@c add_request_to_runlist ok [xguargs]
-+@c pthread_cond_signal ok
-+@c aio_free_request ok [xguargs]
-+@c pthread_mutex_unlock lockleak
-+
-+@c (in the new thread, initiated with clone)
-+@c start_thread ok
-+@c HP_TIMING_NOW ok
-+@c ctype_init [glocale] (in theory, but optimized into safety)
-+@c atomic_exchange_acq ok
-+@c lll_futex_wake ok
-+@c sigemptyset ok
-+@c sigaddset ok
-+@c setjmp ok
-+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
-+@c do_cancel ok
-+@c pthread_unwind ok
-+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
-+@c lll_lock selfdeadlock, lockleak
-+@c lll_unlock selfdeadlock, lockleak
-+@c CANCEL_RESET -> pthread_disable_asynccancel ok
-+@c lll_futex_wait ok
-+@c ->start_routine ok -----
-+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
-+@c user-supplied dtor
-+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
-+@c rtld_lock_unlock_recursive lockleak
-+@c free asmalloc, memleak
-+@c nptl_deallocate_tsd asmalloc, memleak
-+@c tsd user-supplied dtors ok
-+@c free asmalloc, memleak
-+@c libc_thread_freeres
-+@c libc_thread_subfreeres ok
-+@c atomic_decrement_and_test ok
-+@c td_eventword ok
-+@c td_eventmask ok
-+@c atomic_compare_exchange_bool_acq ok
-+@c nptl_death_event ok
-+@c lll_robust_dead ok
-+@c getpagesize ok
-+@c madvise ok
-+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
-+@c free asmalloc, memleak
-+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
-+@c lll_futex_wait ok
-+@c exit_thread_inline ok
-+@c syscall(exit) ok
-+
- This function initiates an asynchronous read operation. It
- immediately returns after the operation was enqueued or when an
- error was encountered.
-@@ -1988,6 +2200,7 @@ replaces the normal implementation.
- @comment aio.h
- @comment Unix98
- @deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
- This function is similar to the @code{aio_read} function. The only
- difference is that on @w{32 bit} machines, the file descriptor should
- be opened in the large file mode. Internally, @code{aio_read64} uses
-@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
- @comment aio.h
- @comment POSIX.1b
- @deftypefun int aio_write (struct aiocb *@var{aiocbp})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
- This function initiates an asynchronous write operation. The function
- call immediately returns after the operation was enqueued or if before
- this happens an error was encountered.
-@@ -2072,6 +2286,7 @@ replaces the normal implementation.
- @comment aio.h
- @comment Unix98
- @deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
- This function is similar to the @code{aio_write} function. The only
- difference is that on @w{32 bit} machines the file descriptor should
- be opened in the large file mode. Internally @code{aio_write64} uses
-@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
- @comment aio.h
- @comment POSIX.1b
- @deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
-+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
-+@c enqueues each request. Then, it waits for notification or prepares
-+@c for it before releasing the lock. Even though it performs memory
-+@c allocation and locking of its own, it doesn't add any classes of
-+@c safety issues that aren't already covered by aio_enqueue_request.
- The @code{lio_listio} function can be used to enqueue an arbitrary
- number of read and write requests at one time. The requests can all be
- meant for the same file, all for different files or every solution in
-@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
- @comment aio.h
- @comment Unix98
- @deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
- This function is similar to the @code{lio_listio} function. The only
- difference is that on @w{32 bit} machines, the file descriptor should
- be opened in the large file mode. Internally, @code{lio_listio64} uses
-@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
- @comment aio.h
- @comment POSIX.1b
- @deftypefun int aio_error (const struct aiocb *@var{aiocbp})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function determines the error state of the request described by the
- @code{struct aiocb} variable pointed to by @var{aiocbp}. If the
- request has not yet terminated the value returned is always
-@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
- @comment aio.h
- @comment Unix98
- @deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is similar to @code{aio_error} with the only difference
- that the argument is a reference to a variable of type @code{struct
- aiocb64}.
-@@ -2238,6 +2462,7 @@ machines.
- @comment aio.h
- @comment POSIX.1b
- @deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function can be used to retrieve the return status of the operation
- carried out by the request described in the variable pointed to by
- @var{aiocbp}. As long as the error status of this request as returned
-@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
- @comment aio.h
- @comment Unix98
- @deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is similar to @code{aio_return} with the only difference
- that the argument is a reference to a variable of type @code{struct
- aiocb64}.
-@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
- @comment aio.h
- @comment POSIX.1b
- @deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
-+@c After fcntl to check that the FD is open, it calls
-+@c aio_enqueue_request.
- Calling this function forces all I/O operations operating queued at the
- time of the function call operating on the file descriptor
- @code{aiocbp->aio_fildes} into the synchronized I/O completion state
-@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
- @comment aio.h
- @comment Unix98
- @deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
- This function is similar to @code{aio_fsync} with the only difference
- that the argument is a reference to a variable of type @code{struct
- aiocb64}.
-@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
- @comment aio.h
- @comment POSIX.1b
- @deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
-+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
-+@c for completion or timeout, and release the mutex.
- When calling this function, the calling thread is suspended until at
- least one of the requests pointed to by the @var{nent} elements of the
- array @var{list} has completed. If any of the requests has already
-@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
- @comment aio.h
- @comment Unix98
- @deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- This function is similar to @code{aio_suspend} with the only difference
- that the argument is a reference to a variable of type @code{struct
- aiocb64}.
-@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
- @comment aio.h
- @comment POSIX.1b
- @deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
-+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
-+@c aio_find_req_fd, aio_remove_request, then aio_notify and
-+@c aio_free_request each request before releasing the lock.
-+@c aio_notify calls aio_notify_only and free, besides cond signal or
-+@c similar. aio_notify_only calls pthread_attr_init,
-+@c pthread_attr_setdetachstate, malloc, pthread_create,
-+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
-+@c notify_func_wraper calls aio_start_notify_thread, free and then the
-+@c notifier function.
- The @code{aio_cancel} function can be used to cancel one or more
- outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
- function tries to cancel all of the outstanding requests which would process
-@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
- @comment aio.h
- @comment Unix98
- @deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
- This function is similar to @code{aio_cancel} with the only difference
- that the argument is a reference to a variable of type @code{struct
- aiocb64}.
-@@ -2529,6 +2774,8 @@ Unused.
- @comment aio.h
- @comment GNU
- @deftypefun void aio_init (const struct aioinit *@var{init})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
-+@c All changes to global objects are guarded by aio_requests_mutex.
- This function must be called before any other AIO function. Calling it
- is completely voluntary, as it is only meant to help the AIO
- implementation perform better.
-@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
- @comment fcntl.h
- @comment POSIX.1
- @deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{fcntl} function performs the operation specified by
- @var{command} on the file descriptor @var{filedes}. Some commands
- require additional arguments to be supplied. These additional arguments
-@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int dup (int @var{old})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function copies descriptor @var{old} to the first available
- descriptor number (the first number not currently open). It is
- equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
-@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int dup2 (int @var{old}, int @var{new})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function copies the descriptor @var{old} to descriptor number
- @var{new}.
-
-@@ -3631,6 +3881,7 @@ different headers.
- @comment sys/ioctl.h
- @comment BSD
- @deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- The @code{ioctl} function performs the generic I/O operation
- @var{command} on @var{filedes}.
-@@ -3650,3 +3901,6 @@ unknown device.
- Most IOCTLs are OS-specific and/or only used in special system utilities,
- and are thus beyond the scope of this document. For an example of the use
- of an IOCTL, see @ref{Out-of-Band Data}.
-+
-+@c FIXME this is undocumented:
-+@c dup3
-diff --git a/manual/locale.texi b/manual/locale.texi
-index 323268d..da50d18 100644
---- a/manual/locale.texi
-+++ b/manual/locale.texi
-@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @comment locale.h
- @comment ISO
- @deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
--@safety{@mtunsafe{uunguard}}
--@c This function is MT-Safe, but uses of the global locale object are
--@c unguarded in functions that ought to be MT-Safe, so we're ruling out
--@c the use of this function once threads are started.
-+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
-+@c Uses of the global locale object are unguarded in functions that
-+@c ought to be MT-Safe, so we're ruling out the use of this function
-+@c once threads are started. It takes a write lock itself, but it may
-+@c return a pointer loaded from the global locale object after releasing
-+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
-+@c and free, and _nl_find_locale, which amount to all documented safety
-+@c issues. It also calls new_composite_name, setdata, and setname,
-+@c without any additional issues. _nl_find_locale calls getenv, ...
-+This function returns a pointer read
- The function @code{setlocale} sets the current locale for category
- @var{category} to @var{locale}. A list of all the locales the system
- provides can be created by running
-diff --git a/manual/resource.texi b/manual/resource.texi
-index 1ec7af2..71b08f7 100644
---- a/manual/resource.texi
-+++ b/manual/resource.texi
-@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
- @comment sys/resource.h
- @comment BSD
- @deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Direct syscall on most systems.
- Read the current and maximum limits for the resource @var{resource}
- and store them in @code{*@var{rlp}}.
-
-@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
- @comment sys/resource.h
- @comment Unix98
- @deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
- This function is similar to @code{getrlimit} but its second parameter is
- a pointer to a variable of type @code{struct rlimit64}, which allows it
- to read values which wouldn't fit in the member of a @code{struct
-@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
- @comment unistd.h
- @comment BSD
- @deftypefun int getpagesize (void)
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
-+@c the exception, with the possibility of a syscall.
- The @code{getpagesize} function returns the page size of the process.
- This value is fixed for the runtime of the process but can vary in
- different runs of the application.
-@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
- @comment sys/sysinfo.h
- @comment GNU
- @deftypefun {long int} get_phys_pages (void)
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
-+@c This fopens a /proc file and scans it for the requested information.
- The @code{get_phys_pages} function returns the total number of pages of
- physical the system has. To get the amount of memory this number has to
- be multiplied by the page size.
-@@ -1569,6 +1578,7 @@ This function is a GNU extension.
- @comment sys/sysinfo.h
- @comment GNU
- @deftypefun {long int} get_avphys_pages (void)
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
- The @code{get_phys_pages} function returns the number of available pages of
- physical the system has. To get the amount of memory this number has to
- be multiplied by the page size.
-@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
- @comment sys/sysinfo.h
- @comment GNU
- @deftypefun int get_nprocs_conf (void)
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
-+@c This function reads from from /sys using dir streams (single user, so
-+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
-+@c streams.
- The @code{get_nprocs_conf} function returns the number of processors the
- operating system configured.
-
-@@ -1623,6 +1637,8 @@ This function is a GNU extension.
- @comment sys/sysinfo.h
- @comment GNU
- @deftypefun int get_nprocs (void)
-+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
-+@c This function reads from /proc using file descriptor I/O.
- The @code{get_nprocs} function returns the number of available processors.
-
- This function is a GNU extension.
-diff --git a/manual/search.texi b/manual/search.texi
-index efd3604..6910edc 100644
---- a/manual/search.texi
-+++ b/manual/search.texi
-@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
- @comment stdlib.h
- @comment ISO
- @deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
-+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
- The @var{qsort} function sorts the array @var{array}. The array contains
- @var{count} elements, each of which is of size @var{size}.
-
-@@ -436,6 +437,11 @@ in the header file @file{search.h}.
- @comment search.h
- @comment SVID
- @deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
-+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
-+@c The tree is not modified in a thread-safe manner, and rotations may
-+@c leave the tree in an inconsistent state that could be observed in an
-+@c asynchronous signal handler or after asynchronous cancellation of the
-+@c thread performing the rotation or the insertion.
- The @code{tsearch} function searches in the tree pointed to by
- @code{*@var{rootp}} for an element matching @var{key}. The function
- pointed to by @var{compar} is used to determine whether two elements
-@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
- @comment search.h
- @comment SVID
- @deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
- The @code{tfind} function is similar to the @code{tsearch} function. It
- locates an element matching the one pointed to by @var{key} and returns
- a pointer to this element. But if no matching element is available no
-@@ -479,6 +486,7 @@ elements.
- @comment search.h
- @comment SVID
- @deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
-+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
- To remove a specific element matching @var{key} from the tree
- @code{tdelete} can be used. It locates the matching element using the
- same method as @code{tfind}. The corresponding element is then removed
-@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
- @comment search.h
- @comment GNU
- @deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
-+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
- If the complete search tree has to be removed one can use
- @code{tdestroy}. It frees all resources allocated by the @code{tsearch}
- function to generate the tree pointed to by @var{vroot}.
-@@ -546,6 +555,7 @@ The current node is a leaf.
- @comment search.h
- @comment SVID
- @deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
-+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
- For each node in the tree with a node pointed to by @var{root}, the
- @code{twalk} function calls the function provided by the parameter
- @var{action}. For leaf nodes the function is called exactly once with
-diff --git a/manual/startup.texi b/manual/startup.texi
-index a277714..7bbaf13 100644
---- a/manual/startup.texi
-+++ b/manual/startup.texi
-@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
- The difference to the @code{setenv} function is that the exact string
- given as the parameter @var{string} is put into the environment. If the
- user should change the string after the @code{putenv} call this will
--reflect in automatically in the environment. This also requires that
--@var{string} is no automatic variable which scope is left before the
-+reflect automatically in the environment. This also requires that
-+@var{string} not be an automatic variable whose scope is left before the
- variable is removed from the environment. The same applies of course to
- dynamically allocated variables which are freed later.
-
-diff --git a/manual/stdio.texi b/manual/stdio.texi
-index 7809dd4..79a3340 100644
---- a/manual/stdio.texi
-+++ b/manual/stdio.texi
-@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
- @comment stdio.h
- @comment ISO
- @deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
- @c fopen may leak the list lock if cancelled within _IO_link_in.
- The @code{fopen} function opens a stream for I/O to the file
- @var{filename}, and returns a pointer to the stream.
-@@ -267,7 +267,7 @@ Locks}.
- @comment stdio.h
- @comment Unix98
- @deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
- This function is similar to @code{fopen} but the stream it returns a
- pointer for is opened using @code{open64}. Therefore this stream can be
- used even on files larger then @math{2^31} bytes on 32 bit machines.
-@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
- @comment stdio.h
- @comment ISO
- @deftypefun int fclose (FILE *@var{stream})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
- @c After fclose, it is undefined behavior to use the stream it points
- @c to. Therefore, one must only call fclose when the stream is
- @c otherwise unused. Concurrent uses started before will complete
-@@ -2662,6 +2662,42 @@ pointer @var{ap}.
- @c case of cancellation. This doesn't make it unsafe, but cancelling it
- @c may leak memory. The unguarded use of __printf_function_table is
- @c also of concern for all callers.
-+@c _itoa ok
-+@c _udiv_qrnnd_preinv ok
-+@c group_number ok
-+@c _i18n_number_rewrite
-+@c __wctrans ok
-+@c __towctrans glocale
-+@c __wcrtomb ok? dup below
-+@c outdigit_value ok
-+@c outdigitwc_value ok
-+@c outchar ok
-+@c outstring ok
-+@c PAD ok
-+@c __printf_fp glocale memleak
-+@c __printf_fphex glocale
-+@c __readonly_area
-+@c [GNU/Linux] fopen, strtoul, free
-+@c __strerror_r ok if no translation, check otherwise
-+@c __btowc ? gconv-modules
-+@c __wcrtomb ok (not using internal state) gconv-modules
-+@c ARGCHECK
-+@c UNBUFFERED_P (tested before taking the stream lock)
-+@c buffered_vfprintf ok
-+@c __find_spec(wc|mb)
-+@c read_int
-+@c __libc_use_alloca
-+@c process_arg
-+@c process_string_arg
-+@c extend_alloca
-+@c __parse_one_spec(wc|mb)
-+@c *__printf_arginfo_table unguarded
-+@c __printf_va_arg_table-> unguarded
-+@c *__printf_function_table unguarded
-+@c done_add
-+@c printf_unknown
-+@c outchar
-+@c _itoa_word
- This is the equivalent of @code{fprintf} with the variable argument list
- specified directly as for @code{vprintf}.
- @end deftypefun
-@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
- @comment stdio.h
- @comment GNU
- @deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
- @c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
- @c bringing with it additional potential for async trouble with
- @c list_all_lock.
-@@ -5076,7 +5112,7 @@ Got r
- @comment stdio.h
- @comment GNU
- @deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
--@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
- This function opens a stream for writing to a buffer. The buffer is
- allocated dynamically and grown as necessary, using @code{malloc}.
- After you've closed the stream, this buffer is your responsibility to
-@@ -5192,7 +5228,7 @@ closed.
- @comment stdio.h
- @comment GNU
- @deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
- This function actually creates the stream for communicating with the
- @var{cookie} using the functions in the @var{io-functions} argument.
- The @var{opentype} argument is interpreted as for @code{fopen};
-diff --git a/manual/string.texi b/manual/string.texi
-index 246be84..a75d298 100644
---- a/manual/string.texi
-+++ b/manual/string.texi
-@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
- @comment string.h
- @comment GNU
- @deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
-+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
-+@c Calls isdigit multiple times, locale may change in between.
- The @code{strverscmp} function compares the string @var{s1} against
- @var{s2}, considering them as holding indices/version numbers. The
- return value follows the same conventions as found in the
-@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
- @comment string.h
- @comment ISO
- @deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
-+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
-+@c Adjust alphasort one safety info is determined.
- The @code{strcoll} function is similar to @code{strcmp} but uses the
- collating sequence of the current locale for collation (the
- @code{LC_COLLATE} locale).
-diff --git a/manual/terminal.texi b/manual/terminal.texi
-index 9e9c057..7f62a4e 100644
---- a/manual/terminal.texi
-+++ b/manual/terminal.texi
-@@ -264,6 +264,9 @@ array.
- @comment termios.h
- @comment POSIX.1
- @deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Converting the kernel-returned termios data structure to the userland
-+@c format does not ensure atomic or consistent writing.
- This function is used to examine the attributes of the terminal
- device with file descriptor @var{filedes}. The attributes are returned
- in the structure that @var{termios-p} points to.
-@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
- @comment termios.h
- @comment POSIX.1
- @deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Converting the incoming termios data structure to the kernel format
-+@c does not ensure atomic or consistent reading.
- This function sets the attributes of the terminal device with file
- descriptor @var{filedes}. The new attributes are taken from the
- structure that @var{termios-p} points to.
-diff --git a/manual/threads.texi b/manual/threads.texi
-index a23ac26..19bfad6 100644
---- a/manual/threads.texi
-+++ b/manual/threads.texi
-@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
- data destructors or even as members of the thread-specific data, since the
- latter is passed as an argument to the destructor function.
-
-+@c FIXME: use @deftypefun for these.
- @item int pthread_key_delete (pthread_key_t @var{key})
- Destroy the thread-specific data @var{key} in the calling thread. The
- destructor for the thread-specific data is not called during destruction, nor
-@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
- The system does not have sufficient memory.
- @end table
- @end deftypefun
-+
-+@c FIXME these are undocumented:
-+@c pthread_atfork
-+@c pthread_attr_destroy
-+@c pthread_attr_getaffinity_np
-+@c pthread_attr_getdetachstate
-+@c pthread_attr_getguardsize
-+@c pthread_attr_getinheritsched
-+@c pthread_attr_getschedparam
-+@c pthread_attr_getschedpolicy
-+@c pthread_attr_getscope
-+@c pthread_attr_getstack
-+@c pthread_attr_getstackaddr
-+@c pthread_attr_getstacksize
-+@c pthread_attr_init
-+@c pthread_attr_setaffinity_np
-+@c pthread_attr_setdetachstate
-+@c pthread_attr_setguardsize
-+@c pthread_attr_setinheritsched
-+@c pthread_attr_setschedparam
-+@c pthread_attr_setschedpolicy
-+@c pthread_attr_setscope
-+@c pthread_attr_setstack
-+@c pthread_attr_setstackaddr
-+@c pthread_attr_setstacksize
-+@c pthread_barrierattr_destroy
-+@c pthread_barrierattr_getpshared
-+@c pthread_barrierattr_init
-+@c pthread_barrierattr_setpshared
-+@c pthread_barrier_destroy
-+@c pthread_barrier_init
-+@c pthread_barrier_wait
-+@c pthread_cancel
-+@c pthread_cleanup_push
-+@c pthread_cleanup_pop
-+@c pthread_condattr_destroy
-+@c pthread_condattr_getclock
-+@c pthread_condattr_getpshared
-+@c pthread_condattr_init
-+@c pthread_condattr_setclock
-+@c pthread_condattr_setpshared
-+@c pthread_cond_broadcast
-+@c pthread_cond_destroy
-+@c pthread_cond_init
-+@c pthread_cond_signal
-+@c pthread_cond_timedwait
-+@c pthread_cond_wait
-+@c pthread_create
-+@c pthread_detach
-+@c pthread_equal
-+@c pthread_exit
-+@c pthread_getaffinity_np
-+@c pthread_getattr_np
-+@c pthread_getconcurrency
-+@c pthread_getcpuclockid
-+@c pthread_getname_np
-+@c pthread_getschedparam
-+@c pthread_join
-+@c pthread_kill
-+@c pthread_kill_other_threads_np
-+@c pthread_mutexattr_destroy
-+@c pthread_mutexattr_getkind_np
-+@c pthread_mutexattr_getprioceiling
-+@c pthread_mutexattr_getprotocol
-+@c pthread_mutexattr_getpshared
-+@c pthread_mutexattr_getrobust
-+@c pthread_mutexattr_getrobust_np
-+@c pthread_mutexattr_gettype
-+@c pthread_mutexattr_init
-+@c pthread_mutexattr_setkind_np
-+@c pthread_mutexattr_setprioceiling
-+@c pthread_mutexattr_setprotocol
-+@c pthread_mutexattr_setpshared
-+@c pthread_mutexattr_setrobust
-+@c pthread_mutexattr_setrobust_np
-+@c pthread_mutexattr_settype
-+@c pthread_mutex_consistent
-+@c pthread_mutex_consistent_np
-+@c pthread_mutex_destroy
-+@c pthread_mutex_getprioceiling
-+@c pthread_mutex_init
-+@c pthread_mutex_lock
-+@c pthread_mutex_setprioceiling
-+@c pthread_mutex_timedlock
-+@c pthread_mutex_trylock
-+@c pthread_mutex_unlock
-+@c pthread_once
-+@c pthread_rwlockattr_destroy
-+@c pthread_rwlockattr_getkind_np
-+@c pthread_rwlockattr_getpshared
-+@c pthread_rwlockattr_init
-+@c pthread_rwlockattr_setkind_np
-+@c pthread_rwlockattr_setpshared
-+@c pthread_rwlock_destroy
-+@c pthread_rwlock_init
-+@c pthread_rwlock_rdlock
-+@c pthread_rwlock_timedrdlock
-+@c pthread_rwlock_timedwrlock
-+@c pthread_rwlock_tryrdlock
-+@c pthread_rwlock_trywrlock
-+@c pthread_rwlock_unlock
-+@c pthread_rwlock_wrlock
-+@c pthread_self
-+@c pthread_setaffinity_np
-+@c pthread_setcancelstate
-+@c pthread_setcanceltype
-+@c pthread_setconcurrency
-+@c pthread_setname_np
-+@c pthread_setschedparam
-+@c pthread_setschedprio
-+@c pthread_sigmask
-+@c pthread_sigqueue
-+@c pthread_spin_destroy
-+@c pthread_spin_init
-+@c pthread_spin_lock
-+@c pthread_spin_trylock
-+@c pthread_spin_unlock
-+@c pthread_testcancel
-+@c pthread_timedjoin_np
-+@c pthread_tryjoin_np
-+@c pthread_yield
-diff --git a/manual/time.texi b/manual/time.texi
-index ff31e28..3967b24 100644
---- a/manual/time.texi
-+++ b/manual/time.texi
-@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
- @comment sys/time.h
- @comment BSD
- @deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c On most GNU/Linux systems this is a direct syscall, but the posix/
-+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
-+@c localtime_r, saving and restoring tzname in an unsafe manner.
-+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
-+@c for vdso resolution. ifunc-vdso-revisit.
- The @code{gettimeofday} function returns the current calendar time as
- the elapsed time since the epoch in the @code{struct timeval} structure
- indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
+
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4fbc047902ffe2e52e83f768573b9b8b0cdd8e7c
commit 4fbc047902ffe2e52e83f768573b9b8b0cdd8e7c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/???.texi: Document thread safety properties.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3152fe9b71d25e5a079af8a12b1ab66c69174413
commit 3152fe9b71d25e5a079af8a12b1ab66c69174413
Merge: 409b9c1 36ebef0 32cc08f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:51 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=409b9c1dc08236ce6fc200dbf7ac8f1ce7466fd5
commit 409b9c1dc08236ce6fc200dbf7ac8f1ce7466fd5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:51 2013 -0300
import
diff --git a/meta b/meta
index a8768b4..2ab621e 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 9af99627e811f0fdcfb787cd4fd7c395fa08caf0
-Head: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
+Previous: 32cc08f6887f254257307044a1da7e83889300d8
+Head: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -28,6 +28,7 @@ Applied:
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
+ wip-manual-document-mt-safety-time.patch: 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
Unapplied:
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-time.patch b/patches/wip-manual-document-mt-safety-time.patch
new file mode 100644
index 0000000..ee52a8e
--- /dev/null
+++ b/patches/wip-manual-document-mt-safety-time.patch
@@ -0,0 +1,31 @@
+Bottom: 934314e9de7d53f206e47915ea85ef4798ee295a
+Top: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:14:50 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/time.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/time.texi b/manual/time.texi
+index ff31e28..3967b24 100644
+--- a/manual/time.texi
++++ b/manual/time.texi
+@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c On most GNU/Linux systems this is a direct syscall, but the posix/
++@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
++@c localtime_r, saving and restoring tzname in an unsafe manner.
++@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
++@c for vdso resolution. ifunc-vdso-revisit.
+ The @code{gettimeofday} function returns the current calendar time as
+ the elapsed time since the epoch in the @code{struct timeval} structure
+ indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=36ebef0d2d702667bef29dd37c04d3a416cfaa1c
commit 36ebef0d2d702667bef29dd37c04d3a416cfaa1c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:50 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/time.texi: Document thread safety properties.
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=32cc08f6887f254257307044a1da7e83889300d8
commit 32cc08f6887f254257307044a1da7e83889300d8
Merge: 0b5bbfe f47c93c 9af9962
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:36 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0b5bbfef237a30c3c4c54b5e4e2e0b9c0ac358bc
commit 0b5bbfef237a30c3c4c54b5e4e2e0b9c0ac358bc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:36 2013 -0300
import
diff --git a/meta b/meta
index 78c93b5..a8768b4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 9d6b1e3e15da247a2588e6e4e56507f3d460964f
-Head: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
+Previous: 9af99627e811f0fdcfb787cd4fd7c395fa08caf0
+Head: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -27,6 +27,7 @@ Applied:
manual-document-mt-safety-stdio.patch: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
+ wip-manual-document-mt-safety-threads.patch: f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
Unapplied:
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-threads.patch b/patches/wip-manual-document-mt-safety-threads.patch
new file mode 100644
index 0000000..a8a9208
--- /dev/null
+++ b/patches/wip-manual-document-mt-safety-threads.patch
@@ -0,0 +1,151 @@
+Bottom: 9f340cd557aceda321c8ef9f6db21082e5dbdaee
+Top: 934314e9de7d53f206e47915ea85ef4798ee295a
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:14:35 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/threads.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/threads.texi b/manual/threads.texi
+index a23ac26..19bfad6 100644
+--- a/manual/threads.texi
++++ b/manual/threads.texi
+@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
+ data destructors or even as members of the thread-specific data, since the
+ latter is passed as an argument to the destructor function.
+
++@c FIXME: use @deftypefun for these.
+ @item int pthread_key_delete (pthread_key_t @var{key})
+ Destroy the thread-specific data @var{key} in the calling thread. The
+ destructor for the thread-specific data is not called during destruction, nor
+@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
+ The system does not have sufficient memory.
+ @end table
+ @end deftypefun
++
++@c FIXME these are undocumented:
++@c pthread_atfork
++@c pthread_attr_destroy
++@c pthread_attr_getaffinity_np
++@c pthread_attr_getdetachstate
++@c pthread_attr_getguardsize
++@c pthread_attr_getinheritsched
++@c pthread_attr_getschedparam
++@c pthread_attr_getschedpolicy
++@c pthread_attr_getscope
++@c pthread_attr_getstack
++@c pthread_attr_getstackaddr
++@c pthread_attr_getstacksize
++@c pthread_attr_init
++@c pthread_attr_setaffinity_np
++@c pthread_attr_setdetachstate
++@c pthread_attr_setguardsize
++@c pthread_attr_setinheritsched
++@c pthread_attr_setschedparam
++@c pthread_attr_setschedpolicy
++@c pthread_attr_setscope
++@c pthread_attr_setstack
++@c pthread_attr_setstackaddr
++@c pthread_attr_setstacksize
++@c pthread_barrierattr_destroy
++@c pthread_barrierattr_getpshared
++@c pthread_barrierattr_init
++@c pthread_barrierattr_setpshared
++@c pthread_barrier_destroy
++@c pthread_barrier_init
++@c pthread_barrier_wait
++@c pthread_cancel
++@c pthread_cleanup_push
++@c pthread_cleanup_pop
++@c pthread_condattr_destroy
++@c pthread_condattr_getclock
++@c pthread_condattr_getpshared
++@c pthread_condattr_init
++@c pthread_condattr_setclock
++@c pthread_condattr_setpshared
++@c pthread_cond_broadcast
++@c pthread_cond_destroy
++@c pthread_cond_init
++@c pthread_cond_signal
++@c pthread_cond_timedwait
++@c pthread_cond_wait
++@c pthread_create
++@c pthread_detach
++@c pthread_equal
++@c pthread_exit
++@c pthread_getaffinity_np
++@c pthread_getattr_np
++@c pthread_getconcurrency
++@c pthread_getcpuclockid
++@c pthread_getname_np
++@c pthread_getschedparam
++@c pthread_join
++@c pthread_kill
++@c pthread_kill_other_threads_np
++@c pthread_mutexattr_destroy
++@c pthread_mutexattr_getkind_np
++@c pthread_mutexattr_getprioceiling
++@c pthread_mutexattr_getprotocol
++@c pthread_mutexattr_getpshared
++@c pthread_mutexattr_getrobust
++@c pthread_mutexattr_getrobust_np
++@c pthread_mutexattr_gettype
++@c pthread_mutexattr_init
++@c pthread_mutexattr_setkind_np
++@c pthread_mutexattr_setprioceiling
++@c pthread_mutexattr_setprotocol
++@c pthread_mutexattr_setpshared
++@c pthread_mutexattr_setrobust
++@c pthread_mutexattr_setrobust_np
++@c pthread_mutexattr_settype
++@c pthread_mutex_consistent
++@c pthread_mutex_consistent_np
++@c pthread_mutex_destroy
++@c pthread_mutex_getprioceiling
++@c pthread_mutex_init
++@c pthread_mutex_lock
++@c pthread_mutex_setprioceiling
++@c pthread_mutex_timedlock
++@c pthread_mutex_trylock
++@c pthread_mutex_unlock
++@c pthread_once
++@c pthread_rwlockattr_destroy
++@c pthread_rwlockattr_getkind_np
++@c pthread_rwlockattr_getpshared
++@c pthread_rwlockattr_init
++@c pthread_rwlockattr_setkind_np
++@c pthread_rwlockattr_setpshared
++@c pthread_rwlock_destroy
++@c pthread_rwlock_init
++@c pthread_rwlock_rdlock
++@c pthread_rwlock_timedrdlock
++@c pthread_rwlock_timedwrlock
++@c pthread_rwlock_tryrdlock
++@c pthread_rwlock_trywrlock
++@c pthread_rwlock_unlock
++@c pthread_rwlock_wrlock
++@c pthread_self
++@c pthread_setaffinity_np
++@c pthread_setcancelstate
++@c pthread_setcanceltype
++@c pthread_setconcurrency
++@c pthread_setname_np
++@c pthread_setschedparam
++@c pthread_setschedprio
++@c pthread_sigmask
++@c pthread_sigqueue
++@c pthread_spin_destroy
++@c pthread_spin_init
++@c pthread_spin_lock
++@c pthread_spin_trylock
++@c pthread_spin_unlock
++@c pthread_testcancel
++@c pthread_timedjoin_np
++@c pthread_tryjoin_np
++@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
commit f47c93cdfff86a4b5acb80c4b80ba113757b9e5f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:14:35 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/threads.texi: Document thread safety properties.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9af99627e811f0fdcfb787cd4fd7c395fa08caf0
commit 9af99627e811f0fdcfb787cd4fd7c395fa08caf0
Merge: 62cd4e6 131f3d7 9d6b1e3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:53 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=62cd4e647e34e31ad1e3a186be37661288afba1b
commit 62cd4e647e34e31ad1e3a186be37661288afba1b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:53 2013 -0300
import
diff --git a/meta b/meta
index 902eaac..78c93b5 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: ea4fd9c31cd34ece4af5fe8d6b3a17c9ef9f79e4
-Head: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
+Previous: 9d6b1e3e15da247a2588e6e4e56507f3d460964f
+Head: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -26,6 +26,7 @@ Applied:
wip-manual-document-mt-safety-startup.patch: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
manual-document-mt-safety-stdio.patch: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
+ wip-manual-document-mt-safety-terminal.patch: 131f3d7cbdeaec2279062d5bd94af6281390b9ba
Unapplied:
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-terminal.patch b/patches/wip-manual-document-mt-safety-terminal.patch
new file mode 100644
index 0000000..09d43ed
--- /dev/null
+++ b/patches/wip-manual-document-mt-safety-terminal.patch
@@ -0,0 +1,38 @@
+Bottom: 12b763b61e3c2dff9a990b8c3271a64b6febfd63
+Top: 9f340cd557aceda321c8ef9f6db21082e5dbdaee
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:13:53 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/terminal.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/terminal.texi b/manual/terminal.texi
+index 9e9c057..7f62a4e 100644
+--- a/manual/terminal.texi
++++ b/manual/terminal.texi
+@@ -264,6 +264,9 @@ array.
+ @comment termios.h
+ @comment POSIX.1
+ @deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Converting the kernel-returned termios data structure to the userland
++@c format does not ensure atomic or consistent writing.
+ This function is used to examine the attributes of the terminal
+ device with file descriptor @var{filedes}. The attributes are returned
+ in the structure that @var{termios-p} points to.
+@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
+ @comment termios.h
+ @comment POSIX.1
+ @deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Converting the incoming termios data structure to the kernel format
++@c does not ensure atomic or consistent reading.
+ This function sets the attributes of the terminal device with file
+ descriptor @var{filedes}. The new attributes are taken from the
+ structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=131f3d7cbdeaec2279062d5bd94af6281390b9ba
commit 131f3d7cbdeaec2279062d5bd94af6281390b9ba
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:53 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/terminal.texi: Document thread safety properties.
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9d6b1e3e15da247a2588e6e4e56507f3d460964f
commit 9d6b1e3e15da247a2588e6e4e56507f3d460964f
Merge: 59dcb93 358134b ea4fd9c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:24 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=59dcb935e3195f296afe22873dfe1706c77beeba
commit 59dcb935e3195f296afe22873dfe1706c77beeba
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:24 2013 -0300
import
diff --git a/meta b/meta
index 6a6db56..902eaac 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7813e945b628c7ad8a53e4e1e9f8c9bcdcbba26a
-Head: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
+Previous: ea4fd9c31cd34ece4af5fe8d6b3a17c9ef9f79e4
+Head: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -25,6 +25,7 @@ Applied:
manual-document-mt-safety-search.patch: 72885eef5a5c94642ef40c16b2838f314908e7da
wip-manual-document-mt-safety-startup.patch: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
manual-document-mt-safety-stdio.patch: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
+ wip-manual-document-mt-safety-string.patch: 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
Unapplied:
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/wip-manual-document-mt-safety-string.patch b/patches/wip-manual-document-mt-safety-string.patch
new file mode 100644
index 0000000..c2dd68c
--- /dev/null
+++ b/patches/wip-manual-document-mt-safety-string.patch
@@ -0,0 +1,36 @@
+Bottom: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
+Top: 12b763b61e3c2dff9a990b8c3271a64b6febfd63
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:13:24 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/string.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/string.texi b/manual/string.texi
+index 246be84..a75d298 100644
+--- a/manual/string.texi
++++ b/manual/string.texi
+@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
+ @comment string.h
+ @comment GNU
+ @deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
++@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@c Calls isdigit multiple times, locale may change in between.
+ The @code{strverscmp} function compares the string @var{s1} against
+ @var{s2}, considering them as holding indices/version numbers. The
+ return value follows the same conventions as found in the
+@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
+ @comment string.h
+ @comment ISO
+ @deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
++@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@c Adjust alphasort one safety info is determined.
+ The @code{strcoll} function is similar to @code{strcmp} but uses the
+ collating sequence of the current locale for collation (the
+ @code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
commit 358134baec989c2a7d7f3e6f2d4d0b3f002bcb39
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:13:24 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/string.texi: Document thread safety properties.
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ea4fd9c31cd34ece4af5fe8d6b3a17c9ef9f79e4
commit ea4fd9c31cd34ece4af5fe8d6b3a17c9ef9f79e4
Merge: 1f35875 b6c3b59 7813e94
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:53 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1f35875992d2f4994c57f952436924323701762f
commit 1f35875992d2f4994c57f952436924323701762f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:53 2013 -0300
refresh
diff --git a/meta b/meta
index 62198e1..6a6db56 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 46dbc4b516036ae274f7ad8e4b90fbe8547d40e4
-Head: fe734e3c4e47da61876a28df92f216ffe7f91900
+Previous: 7813e945b628c7ad8a53e4e1e9f8c9bcdcbba26a
+Head: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -24,8 +24,7 @@ Applied:
manual-document-mt-safety-resource.patch: 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
manual-document-mt-safety-search.patch: 72885eef5a5c94642ef40c16b2838f314908e7da
wip-manual-document-mt-safety-startup.patch: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
- manual-document-mt-safety-stdio.patch: 4317964c441ce5286d9d38d49a63be64118cf356
- refresh-temp: fe734e3c4e47da61876a28df92f216ffe7f91900
+ manual-document-mt-safety-stdio.patch: b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
Unapplied:
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 373e2ca..8b416af 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
Bottom: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
-Top: e7e01aad2f34ba561dd0a0744ce4b8cd012180c4
+Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
@@ -13,14 +13,14 @@ for ChangeLog
---
diff --git a/manual/stdio.texi b/manual/stdio.texi
-index 3f9be9bc5..7809dd4 100644
+index 3f9be9bc5..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
-+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -29,7 +29,7 @@ index 3f9be9bc5..7809dd4 100644
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
-+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -94,7 +94,7 @@ index 3f9be9bc5..7809dd4 100644
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
-+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
@@ -644,7 +644,7 @@ index 3f9be9bc5..7809dd4 100644
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
-@@ -2525,6 +2656,12 @@ pointer @var{ap}.
+@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
@@ -654,10 +654,46 @@ index 3f9be9bc5..7809dd4 100644
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
++@c _itoa ok
++@c _udiv_qrnnd_preinv ok
++@c group_number ok
++@c _i18n_number_rewrite
++@c __wctrans ok
++@c __towctrans glocale
++@c __wcrtomb ok? dup below
++@c outdigit_value ok
++@c outdigitwc_value ok
++@c outchar ok
++@c outstring ok
++@c PAD ok
++@c __printf_fp glocale memleak
++@c __printf_fphex glocale
++@c __readonly_area
++@c [GNU/Linux] fopen, strtoul, free
++@c __strerror_r ok if no translation, check otherwise
++@c __btowc ? gconv-modules
++@c __wcrtomb ok (not using internal state) gconv-modules
++@c ARGCHECK
++@c UNBUFFERED_P (tested before taking the stream lock)
++@c buffered_vfprintf ok
++@c __find_spec(wc|mb)
++@c read_int
++@c __libc_use_alloca
++@c process_arg
++@c process_string_arg
++@c extend_alloca
++@c __parse_one_spec(wc|mb)
++@c *__printf_arginfo_table unguarded
++@c __printf_va_arg_table-> unguarded
++@c *__printf_function_table unguarded
++@c done_add
++@c printf_unknown
++@c outchar
++@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
-@@ -2532,6 +2669,7 @@ specified directly as for @code{vprintf}.
+@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
@@ -665,7 +701,7 @@ index 3f9be9bc5..7809dd4 100644
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
-@@ -2539,6 +2677,7 @@ specified directly as for @code{vwprintf}.
+@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
@@ -673,7 +709,7 @@ index 3f9be9bc5..7809dd4 100644
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
-@@ -2546,6 +2685,7 @@ specified directly as for @code{vprintf}.
+@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
@@ -681,7 +717,7 @@ index 3f9be9bc5..7809dd4 100644
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
-@@ -2553,6 +2693,7 @@ specified directly as for @code{vwprintf}.
+@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
@@ -689,7 +725,7 @@ index 3f9be9bc5..7809dd4 100644
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
-@@ -2560,6 +2701,7 @@ specified directly as for @code{vprintf}.
+@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
@@ -697,7 +733,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
-@@ -2567,6 +2709,10 @@ variable argument list specified directly as for @code{vprintf}.
+@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
@@ -708,7 +744,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
-@@ -2639,6 +2785,7 @@ file @file{printf.h}.
+@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
@@ -716,7 +752,7 @@ index 3f9be9bc5..7809dd4 100644
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
-@@ -2879,6 +3026,12 @@ The function to register a new output conversion is
+@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
@@ -729,7 +765,7 @@ index 3f9be9bc5..7809dd4 100644
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
-@@ -3125,6 +3278,12 @@ which implement a special way to print floating-point numbers.
+@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
@@ -742,7 +778,7 @@ index 3f9be9bc5..7809dd4 100644
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
-@@ -3183,6 +3342,7 @@ provide the function which returns information about the arguments.
+@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
@@ -750,7 +786,7 @@ index 3f9be9bc5..7809dd4 100644
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
-@@ -3799,6 +3959,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
+@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
@@ -758,7 +794,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
-@@ -3813,6 +3974,7 @@ template, then @code{EOF} is returned.
+@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
@@ -766,7 +802,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
-@@ -3827,6 +3989,7 @@ template, then @code{WEOF} is returned.
+@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
@@ -774,7 +810,7 @@ index 3f9be9bc5..7809dd4 100644
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
-@@ -3834,6 +3997,7 @@ from the stream @var{stream} instead of @code{stdin}.
+@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
@@ -782,7 +818,7 @@ index 3f9be9bc5..7809dd4 100644
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
-@@ -3841,6 +4005,7 @@ from the stream @var{stream} instead of @code{stdin}.
+@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
@@ -790,7 +826,7 @@ index 3f9be9bc5..7809dd4 100644
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
-@@ -3854,6 +4019,7 @@ as an argument to receive a string read under control of the @samp{%s},
+@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
@@ -798,7 +834,7 @@ index 3f9be9bc5..7809dd4 100644
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
-@@ -3880,6 +4046,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
+@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
@@ -806,7 +842,7 @@ index 3f9be9bc5..7809dd4 100644
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
-@@ -3888,6 +4055,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
+@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
@@ -814,7 +850,7 @@ index 3f9be9bc5..7809dd4 100644
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
-@@ -3896,6 +4064,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
+@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
@@ -822,7 +858,7 @@ index 3f9be9bc5..7809dd4 100644
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
-@@ -3903,6 +4072,7 @@ specified directly as for @code{vscanf}.
+@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
@@ -830,7 +866,7 @@ index 3f9be9bc5..7809dd4 100644
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
-@@ -3910,6 +4080,7 @@ specified directly as for @code{vwscanf}.
+@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
@@ -838,7 +874,7 @@ index 3f9be9bc5..7809dd4 100644
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
-@@ -3917,6 +4088,7 @@ specified directly as for @code{vscanf}.
+@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
@@ -846,7 +882,7 @@ index 3f9be9bc5..7809dd4 100644
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
-@@ -3966,6 +4138,7 @@ This symbol is declared in @file{wchar.h}.
+@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
@@ -854,7 +890,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
-@@ -3975,6 +4148,9 @@ This symbol is declared in @file{stdio.h}.
+@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
@@ -864,7 +900,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
-@@ -3986,6 +4162,7 @@ This symbol is declared in @file{stdio.h}.
+@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
@@ -872,7 +908,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
-@@ -3996,6 +4173,7 @@ This symbol is declared in @file{stdio.h}.
+@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
@@ -880,7 +916,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
-@@ -4023,6 +4201,7 @@ function.
+@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
@@ -888,7 +924,7 @@ index 3f9be9bc5..7809dd4 100644
This function clears the end-of-file and error indicators for the
stream @var{stream}.
-@@ -4033,6 +4212,7 @@ end-of-file indicator for the stream.
+@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
@@ -896,7 +932,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
-@@ -4146,6 +4326,7 @@ are declared in the header file @file{stdio.h}.
+@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
@@ -904,7 +940,7 @@ index 3f9be9bc5..7809dd4 100644
This function returns the current file position of the stream
@var{stream}.
-@@ -4158,6 +4339,7 @@ possibly for other reasons as well. If a failure occurs, a value of
+@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
@@ -912,7 +948,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
-@@ -4181,6 +4363,7 @@ LFS interface transparently replaces the old interface.
+@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
@@ -920,7 +956,7 @@ index 3f9be9bc5..7809dd4 100644
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
-@@ -4196,6 +4379,7 @@ and so transparently replaces the old interface.
+@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
@@ -928,7 +964,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
-@@ -4215,6 +4399,7 @@ place in the file.
+@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
@@ -936,7 +972,7 @@ index 3f9be9bc5..7809dd4 100644
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
-@@ -4238,6 +4423,7 @@ LFS interface transparently replaces the old interface.
+@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
@@ -944,7 +980,7 @@ index 3f9be9bc5..7809dd4 100644
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
-@@ -4286,6 +4472,7 @@ the offset provided is relative to the end of the file.
+@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
@@ -952,7 +988,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
-@@ -4407,6 +4594,7 @@ representation.
+@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
@@ -960,7 +996,7 @@ index 3f9be9bc5..7809dd4 100644
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
-@@ -4421,6 +4609,7 @@ interface transparently replaces the old interface.
+@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
@@ -968,7 +1004,7 @@ index 3f9be9bc5..7809dd4 100644
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
-@@ -4433,6 +4622,7 @@ and so transparently replaces the old interface.
+@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
@@ -976,7 +1012,7 @@ index 3f9be9bc5..7809dd4 100644
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
-@@ -4449,6 +4639,7 @@ interface transparently replaces the old interface.
+@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
@@ -984,7 +1020,7 @@ index 3f9be9bc5..7809dd4 100644
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
-@@ -4560,6 +4751,7 @@ If you want to flush the buffered output at another time, call
+@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
@@ -992,7 +1028,7 @@ index 3f9be9bc5..7809dd4 100644
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
-@@ -4572,6 +4764,7 @@ otherwise.
+@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
@@ -1000,7 +1036,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
-@@ -4588,6 +4781,7 @@ exported.
+@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
@@ -1008,7 +1044,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
-@@ -4609,6 +4803,7 @@ situation a non-standard function introduced in Solaris and available in
+@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
@@ -1016,7 +1052,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
-@@ -4633,6 +4828,7 @@ file @file{stdio.h}.
+@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
@@ -1024,7 +1060,7 @@ index 3f9be9bc5..7809dd4 100644
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
-@@ -4710,6 +4906,7 @@ efficient size.
+@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
@@ -1032,7 +1068,7 @@ index 3f9be9bc5..7809dd4 100644
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
-@@ -4723,6 +4920,7 @@ use @code{setvbuf} in all new programs.
+@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
@@ -1040,7 +1076,7 @@ index 3f9be9bc5..7809dd4 100644
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
-@@ -4734,6 +4932,7 @@ This function is provided for compatibility with old BSD code. Use
+@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
@@ -1048,7 +1084,7 @@ index 3f9be9bc5..7809dd4 100644
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
-@@ -4748,6 +4947,7 @@ using a non-standard function introduced in Solaris and available in
+@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
@@ -1056,7 +1092,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
-@@ -4761,6 +4961,7 @@ much of it is used. These functions were also introduced in Solaris.
+@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
@@ -1064,7 +1100,7 @@ index 3f9be9bc5..7809dd4 100644
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
-@@ -4771,6 +4972,7 @@ This function is declared in the @file{stdio_ext.h} header.
+@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
@@ -1072,34 +1108,34 @@ index 3f9be9bc5..7809dd4 100644
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
-@@ -4818,6 +5020,10 @@ I/O to a string or memory buffer. These facilities are declared in
+@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
-+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
-@@ -4870,6 +5076,7 @@ Got r
+@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
-+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
-@@ -4985,6 +5192,7 @@ closed.
+@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
-+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
-@@ -5166,6 +5374,7 @@ It is a non-recoverable error.
+@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
@@ -1107,7 +1143,7 @@ index 3f9be9bc5..7809dd4 100644
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
-@@ -5306,6 +5515,7 @@ introducing new classes in a running program. One could use the
+@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index fe070cb..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,110 +0,0 @@
-Bottom: e7e01aad2f34ba561dd0a0744ce4b8cd012180c4
-Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:12:52 -0300
-
-Refresh of manual-document-mt-safety-stdio.patch
-
----
-
-diff --git a/manual/stdio.texi b/manual/stdio.texi
-index 7809dd4..79a3340 100644
---- a/manual/stdio.texi
-+++ b/manual/stdio.texi
-@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
- @comment stdio.h
- @comment ISO
- @deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
- @c fopen may leak the list lock if cancelled within _IO_link_in.
- The @code{fopen} function opens a stream for I/O to the file
- @var{filename}, and returns a pointer to the stream.
-@@ -267,7 +267,7 @@ Locks}.
- @comment stdio.h
- @comment Unix98
- @deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
- This function is similar to @code{fopen} but the stream it returns a
- pointer for is opened using @code{open64}. Therefore this stream can be
- used even on files larger then @math{2^31} bytes on 32 bit machines.
-@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
- @comment stdio.h
- @comment ISO
- @deftypefun int fclose (FILE *@var{stream})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
- @c After fclose, it is undefined behavior to use the stream it points
- @c to. Therefore, one must only call fclose when the stream is
- @c otherwise unused. Concurrent uses started before will complete
-@@ -2662,6 +2662,42 @@ pointer @var{ap}.
- @c case of cancellation. This doesn't make it unsafe, but cancelling it
- @c may leak memory. The unguarded use of __printf_function_table is
- @c also of concern for all callers.
-+@c _itoa ok
-+@c _udiv_qrnnd_preinv ok
-+@c group_number ok
-+@c _i18n_number_rewrite
-+@c __wctrans ok
-+@c __towctrans glocale
-+@c __wcrtomb ok? dup below
-+@c outdigit_value ok
-+@c outdigitwc_value ok
-+@c outchar ok
-+@c outstring ok
-+@c PAD ok
-+@c __printf_fp glocale memleak
-+@c __printf_fphex glocale
-+@c __readonly_area
-+@c [GNU/Linux] fopen, strtoul, free
-+@c __strerror_r ok if no translation, check otherwise
-+@c __btowc ? gconv-modules
-+@c __wcrtomb ok (not using internal state) gconv-modules
-+@c ARGCHECK
-+@c UNBUFFERED_P (tested before taking the stream lock)
-+@c buffered_vfprintf ok
-+@c __find_spec(wc|mb)
-+@c read_int
-+@c __libc_use_alloca
-+@c process_arg
-+@c process_string_arg
-+@c extend_alloca
-+@c __parse_one_spec(wc|mb)
-+@c *__printf_arginfo_table unguarded
-+@c __printf_va_arg_table-> unguarded
-+@c *__printf_function_table unguarded
-+@c done_add
-+@c printf_unknown
-+@c outchar
-+@c _itoa_word
- This is the equivalent of @code{fprintf} with the variable argument list
- specified directly as for @code{vprintf}.
- @end deftypefun
-@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
- @comment stdio.h
- @comment GNU
- @deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
- @c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
- @c bringing with it additional potential for async trouble with
- @c list_all_lock.
-@@ -5076,7 +5112,7 @@ Got r
- @comment stdio.h
- @comment GNU
- @deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
--@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
- This function opens a stream for writing to a buffer. The buffer is
- allocated dynamically and grown as necessary, using @code{malloc}.
- After you've closed the stream, this buffer is your responsibility to
-@@ -5192,7 +5228,7 @@ closed.
- @comment stdio.h
- @comment GNU
- @deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
--@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
- This function actually creates the stream for communicating with the
- @var{cookie} using the functions in the @var{io-functions} argument.
- The @var{opentype} argument is interpreted as for @code{fopen};
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7813e945b628c7ad8a53e4e1e9f8c9bcdcbba26a
commit 7813e945b628c7ad8a53e4e1e9f8c9bcdcbba26a
Merge: 233a8e5 fe734e3 46dbc4b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:53 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=233a8e5787e22d033aa1530a55a3b1f4dc5769b5
commit 233a8e5787e22d033aa1530a55a3b1f4dc5769b5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:53 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index b6b4736..62198e1 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 0d1caeb5637d1e9380fd955561a0f2d69bd78f12
-Head: 4317964c441ce5286d9d38d49a63be64118cf356
+Previous: 46dbc4b516036ae274f7ad8e4b90fbe8547d40e4
+Head: fe734e3c4e47da61876a28df92f216ffe7f91900
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -25,6 +25,7 @@ Applied:
manual-document-mt-safety-search.patch: 72885eef5a5c94642ef40c16b2838f314908e7da
wip-manual-document-mt-safety-startup.patch: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
manual-document-mt-safety-stdio.patch: 4317964c441ce5286d9d38d49a63be64118cf356
+ refresh-temp: fe734e3c4e47da61876a28df92f216ffe7f91900
Unapplied:
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..fe070cb
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,110 @@
+Bottom: e7e01aad2f34ba561dd0a0744ce4b8cd012180c4
+Top: 3db5dacd3a8c55bbd9c4924b1ac2ec9a35d2d732
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:12:52 -0300
+
+Refresh of manual-document-mt-safety-stdio.patch
+
+---
+
+diff --git a/manual/stdio.texi b/manual/stdio.texi
+index 7809dd4..79a3340 100644
+--- a/manual/stdio.texi
++++ b/manual/stdio.texi
+@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+ @c fopen may leak the list lock if cancelled within _IO_link_in.
+ The @code{fopen} function opens a stream for I/O to the file
+ @var{filename}, and returns a pointer to the stream.
+@@ -267,7 +267,7 @@ Locks}.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
+ This function is similar to @code{fopen} but the stream it returns a
+ pointer for is opened using @code{open64}. Therefore this stream can be
+ used even on files larger then @math{2^31} bytes on 32 bit machines.
+@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fclose (FILE *@var{stream})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+ @c After fclose, it is undefined behavior to use the stream it points
+ @c to. Therefore, one must only call fclose when the stream is
+ @c otherwise unused. Concurrent uses started before will complete
+@@ -2662,6 +2662,42 @@ pointer @var{ap}.
+ @c case of cancellation. This doesn't make it unsafe, but cancelling it
+ @c may leak memory. The unguarded use of __printf_function_table is
+ @c also of concern for all callers.
++@c _itoa ok
++@c _udiv_qrnnd_preinv ok
++@c group_number ok
++@c _i18n_number_rewrite
++@c __wctrans ok
++@c __towctrans glocale
++@c __wcrtomb ok? dup below
++@c outdigit_value ok
++@c outdigitwc_value ok
++@c outchar ok
++@c outstring ok
++@c PAD ok
++@c __printf_fp glocale memleak
++@c __printf_fphex glocale
++@c __readonly_area
++@c [GNU/Linux] fopen, strtoul, free
++@c __strerror_r ok if no translation, check otherwise
++@c __btowc ? gconv-modules
++@c __wcrtomb ok (not using internal state) gconv-modules
++@c ARGCHECK
++@c UNBUFFERED_P (tested before taking the stream lock)
++@c buffered_vfprintf ok
++@c __find_spec(wc|mb)
++@c read_int
++@c __libc_use_alloca
++@c process_arg
++@c process_string_arg
++@c extend_alloca
++@c __parse_one_spec(wc|mb)
++@c *__printf_arginfo_table unguarded
++@c __printf_va_arg_table-> unguarded
++@c *__printf_function_table unguarded
++@c done_add
++@c printf_unknown
++@c outchar
++@c _itoa_word
+ This is the equivalent of @code{fprintf} with the variable argument list
+ specified directly as for @code{vprintf}.
+ @end deftypefun
+@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+ @c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+ @c bringing with it additional potential for async trouble with
+ @c list_all_lock.
+@@ -5076,7 +5112,7 @@ Got r
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+-@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
+ This function opens a stream for writing to a buffer. The buffer is
+ allocated dynamically and grown as necessary, using @code{malloc}.
+ After you've closed the stream, this buffer is your responsibility to
+@@ -5192,7 +5228,7 @@ closed.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+ This function actually creates the stream for communicating with the
+ @var{cookie} using the functions in the @var{io-functions} argument.
+ The @var{opentype} argument is interpreted as for @code{fopen};
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fe734e3c4e47da61876a28df92f216ffe7f91900
commit fe734e3c4e47da61876a28df92f216ffe7f91900
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:52 2013 -0300
Refresh of manual-document-mt-safety-stdio.patch
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 7809dd4..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -267,7 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
@c After fclose, it is undefined behavior to use the stream it points
@c to. Therefore, one must only call fclose when the stream is
@c otherwise unused. Concurrent uses started before will complete
@@ -2662,6 +2662,42 @@ pointer @var{ap}.
@c case of cancellation. This doesn't make it unsafe, but cancelling it
@c may leak memory. The unguarded use of __printf_function_table is
@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
@c bringing with it additional potential for async trouble with
@c list_all_lock.
@@ -5076,7 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
-@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -5192,7 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=46dbc4b516036ae274f7ad8e4b90fbe8547d40e4
commit 46dbc4b516036ae274f7ad8e4b90fbe8547d40e4
Merge: 65240fd 0d1caeb 4317964
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:39 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
commit b6c3b59f2ddf6ed9a14018f69daf993e2eaf27c0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,48 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2705,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2713,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2721,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2729,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2737,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2745,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2821,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3062,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3314,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3378,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3995,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +4010,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +4025,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +4033,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4041,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4055,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4082,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4091,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4100,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4108,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4116,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4124,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4174,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4184,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4198,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4209,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4237,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4248,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4362,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4375,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4399,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4415,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4435,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4459,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4508,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4630,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4645,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4658,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4675,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4787,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4800,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4817,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4839,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4864,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4942,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4956,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4968,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4983,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4997,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +5008,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5056,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5410,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5551,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=65240fd3a07048cfe76d16227b6e441df5380da3
commit 65240fd3a07048cfe76d16227b6e441df5380da3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:38 2013 -0300
push
diff --git a/meta b/meta
index b562e1a..b6b4736 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 028f564b87a1b5e768093944d82e91ae2d4a1a40
-Head: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
+Previous: 0d1caeb5637d1e9380fd955561a0f2d69bd78f12
+Head: 4317964c441ce5286d9d38d49a63be64118cf356
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -24,7 +24,7 @@ Applied:
manual-document-mt-safety-resource.patch: 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
manual-document-mt-safety-search.patch: 72885eef5a5c94642ef40c16b2838f314908e7da
wip-manual-document-mt-safety-startup.patch: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
+ manual-document-mt-safety-stdio.patch: 4317964c441ce5286d9d38d49a63be64118cf356
Unapplied:
- manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index ad86e9d..373e2ca 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 18760d732995b8379bc372377398a8fd58732762
-Top: f75097e48123219d68b9307cd827515c123cf0b8
+Bottom: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
+Top: e7e01aad2f34ba561dd0a0744ce4b8cd012180c4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4317964c441ce5286d9d38d49a63be64118cf356
commit 4317964c441ce5286d9d38d49a63be64118cf356
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..7809dd4 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,12 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2669,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2677,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2685,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2693,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2701,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2709,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2785,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3026,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3278,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3342,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3959,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +3974,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +3989,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +3997,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4005,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4019,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4046,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4055,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4064,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4072,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4080,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4088,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4138,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4148,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4162,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4173,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4201,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4212,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4326,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4339,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4363,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4379,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4399,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4423,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4472,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4594,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4609,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4622,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4639,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4751,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4764,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4781,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4803,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4828,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4906,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4920,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4932,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4947,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4961,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +4972,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5020,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5076,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5192,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5374,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5515,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0d1caeb5637d1e9380fd955561a0f2d69bd78f12
commit 0d1caeb5637d1e9380fd955561a0f2d69bd78f12
Merge: df90f63 028f564 eefb3a2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:29 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=df90f634c259e2a8958e078880b8a10b76e8b50d
commit df90f634c259e2a8958e078880b8a10b76e8b50d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:29 2013 -0300
import
diff --git a/meta b/meta
index ff7e84d..b562e1a 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 6d76ef68923238530b5af925972ec25e07f09f2a
-Head: 72885eef5a5c94642ef40c16b2838f314908e7da
+Previous: 028f564b87a1b5e768093944d82e91ae2d4a1a40
+Head: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -23,6 +23,7 @@ Applied:
manual-document-mt-safety-math.patch: d3dde95c92ff8c7cd8e225a21b46c00449db834d
manual-document-mt-safety-resource.patch: 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
manual-document-mt-safety-search.patch: 72885eef5a5c94642ef40c16b2838f314908e7da
+ wip-manual-document-mt-safety-startup.patch: eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
diff --git a/patches/wip-manual-document-mt-safety-startup.patch b/patches/wip-manual-document-mt-safety-startup.patch
new file mode 100644
index 0000000..cd2fcf0
--- /dev/null
+++ b/patches/wip-manual-document-mt-safety-startup.patch
@@ -0,0 +1,28 @@
+Bottom: 8ae75524ca0a1176e4323c74b73cb0722e710364
+Top: 195f80ed20d8cfa61af3b5629d405de8be7b40fc
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:12:28 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/startup.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/startup.texi b/manual/startup.texi
+index a277714..7bbaf13 100644
+--- a/manual/startup.texi
++++ b/manual/startup.texi
+@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
+ The difference to the @code{setenv} function is that the exact string
+ given as the parameter @var{string} is put into the environment. If the
+ user should change the string after the @code{putenv} call this will
+-reflect in automatically in the environment. This also requires that
+-@var{string} is no automatic variable which scope is left before the
++reflect automatically in the environment. This also requires that
++@var{string} not be an automatic variable whose scope is left before the
+ variable is removed from the environment. The same applies of course to
+ dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
commit eefb3a2e2f3449ada4e40429f0283ac79a5e3fec
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:12:28 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/startup.texi: Document thread safety properties.
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=028f564b87a1b5e768093944d82e91ae2d4a1a40
commit 028f564b87a1b5e768093944d82e91ae2d4a1a40
Merge: 16ee509 72885ee 6d76ef6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:56 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=16ee5093c8a53d58dadae44624f15e244e6d4187
commit 16ee5093c8a53d58dadae44624f15e244e6d4187
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:56 2013 -0300
import
diff --git a/meta b/meta
index 73e1f9c..ff7e84d 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 1cf411981bae299f53e7cbd67aefd378561e3be0
-Head: 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
+Previous: 6d76ef68923238530b5af925972ec25e07f09f2a
+Head: 72885eef5a5c94642ef40c16b2838f314908e7da
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -22,6 +22,7 @@ Applied:
wip-manual-document-mt-safety-locale.patch: 26ea2d6064d2c298f6270e127600518ef48d28cf
manual-document-mt-safety-math.patch: d3dde95c92ff8c7cd8e225a21b46c00449db834d
manual-document-mt-safety-resource.patch: 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
+ manual-document-mt-safety-search.patch: 72885eef5a5c94642ef40c16b2838f314908e7da
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
diff --git a/patches/manual-document-mt-safety-search.patch b/patches/manual-document-mt-safety-search.patch
new file mode 100644
index 0000000..fb52bb3
--- /dev/null
+++ b/patches/manual-document-mt-safety-search.patch
@@ -0,0 +1,70 @@
+Bottom: e27f818dd7517eeba6c572017e1d77241113d456
+Top: 8ae75524ca0a1176e4323c74b73cb0722e710364
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:11:55 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/search.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/search.texi b/manual/search.texi
+index efd3604..6910edc 100644
+--- a/manual/search.texi
++++ b/manual/search.texi
+@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
++@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
+ The @var{qsort} function sorts the array @var{array}. The array contains
+ @var{count} elements, each of which is of size @var{size}.
+
+@@ -436,6 +437,11 @@ in the header file @file{search.h}.
+ @comment search.h
+ @comment SVID
+ @deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
++@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
++@c The tree is not modified in a thread-safe manner, and rotations may
++@c leave the tree in an inconsistent state that could be observed in an
++@c asynchronous signal handler or after asynchronous cancellation of the
++@c thread performing the rotation or the insertion.
+ The @code{tsearch} function searches in the tree pointed to by
+ @code{*@var{rootp}} for an element matching @var{key}. The function
+ pointed to by @var{compar} is used to determine whether two elements
+@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
+ @comment search.h
+ @comment SVID
+ @deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+ The @code{tfind} function is similar to the @code{tsearch} function. It
+ locates an element matching the one pointed to by @var{key} and returns
+ a pointer to this element. But if no matching element is available no
+@@ -479,6 +486,7 @@ elements.
+ @comment search.h
+ @comment SVID
+ @deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
++@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+ To remove a specific element matching @var{key} from the tree
+ @code{tdelete} can be used. It locates the matching element using the
+ same method as @code{tfind}. The corresponding element is then removed
+@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
+ @comment search.h
+ @comment GNU
+ @deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
++@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+ If the complete search tree has to be removed one can use
+ @code{tdestroy}. It frees all resources allocated by the @code{tsearch}
+ function to generate the tree pointed to by @var{vroot}.
+@@ -546,6 +555,7 @@ The current node is a leaf.
+ @comment search.h
+ @comment SVID
+ @deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
++@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
+ For each node in the tree with a node pointed to by @var{root}, the
+ @code{twalk} function calls the function provided by the parameter
+ @var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=72885eef5a5c94642ef40c16b2838f314908e7da
commit 72885eef5a5c94642ef40c16b2838f314908e7da
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:55 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/search.texi: Document thread safety properties.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6d76ef68923238530b5af925972ec25e07f09f2a
commit 6d76ef68923238530b5af925972ec25e07f09f2a
Merge: b497c49 5d3bcb1 1cf4119
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:18 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b497c49e52aaedc3cf7cbf5c68ddfee03482e6c7
commit b497c49e52aaedc3cf7cbf5c68ddfee03482e6c7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:18 2013 -0300
push
diff --git a/meta b/meta
index c5eca2a..73e1f9c 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: a7ee668dad2fe9eff02944d144e0563e8010b56f
-Head: d3dde95c92ff8c7cd8e225a21b46c00449db834d
+Previous: 1cf411981bae299f53e7cbd67aefd378561e3be0
+Head: 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -21,8 +21,8 @@ Applied:
manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
wip-manual-document-mt-safety-locale.patch: 26ea2d6064d2c298f6270e127600518ef48d28cf
manual-document-mt-safety-math.patch: d3dde95c92ff8c7cd8e225a21b46c00449db834d
+ manual-document-mt-safety-resource.patch: 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
Unapplied:
- manual-document-mt-safety-resource.patch: 92b145ac00e9dc2a9143644e5df35d849d789cf1
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/manual-document-mt-safety-resource.patch
index 5b2e192..3fa9fb2 100644
--- a/patches/manual-document-mt-safety-resource.patch
+++ b/patches/manual-document-mt-safety-resource.patch
@@ -1,5 +1,5 @@
-Bottom: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
-Top: d713f011ada06fb3801e4032349a8ad88e6bc10c
+Bottom: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
+Top: e27f818dd7517eeba6c572017e1d77241113d456
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:11:00 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
commit 5d3bcb1ba7f570bffb709e724d0f7b7f7c54af6d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1cf411981bae299f53e7cbd67aefd378561e3be0
commit 1cf411981bae299f53e7cbd67aefd378561e3be0
Merge: 0143f21 d3dde95 a7ee668
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:14 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0143f2179b4146932a210ef1eebd3a4d604ebf4b
commit 0143f2179b4146932a210ef1eebd3a4d604ebf4b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:14 2013 -0300
float
diff --git a/meta b/meta
index 9f55f60..c5eca2a 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: daf305833c7d056c5fdee51b490cefaf60d5b417
-Head: 26ea2d6064d2c298f6270e127600518ef48d28cf
+Previous: a7ee668dad2fe9eff02944d144e0563e8010b56f
+Head: d3dde95c92ff8c7cd8e225a21b46c00449db834d
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -20,9 +20,9 @@ Applied:
manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
wip-manual-document-mt-safety-locale.patch: 26ea2d6064d2c298f6270e127600518ef48d28cf
+ manual-document-mt-safety-math.patch: d3dde95c92ff8c7cd8e225a21b46c00449db834d
Unapplied:
manual-document-mt-safety-resource.patch: 92b145ac00e9dc2a9143644e5df35d849d789cf1
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
- manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index 336844e..66820ca 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: 3b40240eced54a0f63e844f5354c9ab2106ba9d3
-Top: edfbd2bf9a8a7592b48fc6ddfd6dd6a196355d21
+Bottom: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
+Top: d5ba9adc90be6728f409ed99bc36a2fc6e659db0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d3dde95c92ff8c7cd8e225a21b46c00449db834d
commit d3dde95c92ff8c7cd8e225a21b46c00449db834d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a7ee668dad2fe9eff02944d144e0563e8010b56f
commit a7ee668dad2fe9eff02944d144e0563e8010b56f
Merge: 46fa156 daf3058
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:10 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=46fa15640d7c007544f208000ef5ffc74fada4fb
commit 46fa15640d7c007544f208000ef5ffc74fada4fb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:10 2013 -0300
pop
diff --git a/meta b/meta
index afd5834..9f55f60 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 5ea127b745d4510b2dd3d381784775ebcfb495c1
-Head: 92b145ac00e9dc2a9143644e5df35d849d789cf1
+Previous: daf305833c7d056c5fdee51b490cefaf60d5b417
+Head: 26ea2d6064d2c298f6270e127600518ef48d28cf
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -20,8 +20,8 @@ Applied:
manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
wip-manual-document-mt-safety-locale.patch: 26ea2d6064d2c298f6270e127600518ef48d28cf
- manual-document-mt-safety-resource.patch: 92b145ac00e9dc2a9143644e5df35d849d789cf1
Unapplied:
+ manual-document-mt-safety-resource.patch: 92b145ac00e9dc2a9143644e5df35d849d789cf1
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=daf305833c7d056c5fdee51b490cefaf60d5b417
commit daf305833c7d056c5fdee51b490cefaf60d5b417
Merge: eab9e78 5ea127b 92b145a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=eab9e7849544510e21f3b4aa25d1d6956cfbba9c
commit eab9e7849544510e21f3b4aa25d1d6956cfbba9c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
import
diff --git a/meta b/meta
index 9b76d00..afd5834 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: d31f4f30b9ed6d8c6101ceb14f8586a37d97d0e7
-Head: 26ea2d6064d2c298f6270e127600518ef48d28cf
+Previous: 5ea127b745d4510b2dd3d381784775ebcfb495c1
+Head: 92b145ac00e9dc2a9143644e5df35d849d789cf1
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -20,6 +20,7 @@ Applied:
manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
wip-manual-document-mt-safety-locale.patch: 26ea2d6064d2c298f6270e127600518ef48d28cf
+ manual-document-mt-safety-resource.patch: 92b145ac00e9dc2a9143644e5df35d849d789cf1
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
diff --git a/patches/manual-document-mt-safety-resource.patch b/patches/manual-document-mt-safety-resource.patch
new file mode 100644
index 0000000..5b2e192
--- /dev/null
+++ b/patches/manual-document-mt-safety-resource.patch
@@ -0,0 +1,83 @@
+Bottom: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
+Top: d713f011ada06fb3801e4032349a8ad88e6bc10c
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:11:00 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/resource.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/resource.texi b/manual/resource.texi
+index 1ec7af2..71b08f7 100644
+--- a/manual/resource.texi
++++ b/manual/resource.texi
+@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
+ @comment sys/resource.h
+ @comment BSD
+ @deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct syscall on most systems.
+ Read the current and maximum limits for the resource @var{resource}
+ and store them in @code{*@var{rlp}}.
+
+@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
+ @comment sys/resource.h
+ @comment Unix98
+ @deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
+ This function is similar to @code{getrlimit} but its second parameter is
+ a pointer to a variable of type @code{struct rlimit64}, which allows it
+ to read values which wouldn't fit in the member of a @code{struct
+@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int getpagesize (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
++@c the exception, with the possibility of a syscall.
+ The @code{getpagesize} function returns the page size of the process.
+ This value is fixed for the runtime of the process but can vary in
+ different runs of the application.
+@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
+ @comment sys/sysinfo.h
+ @comment GNU
+ @deftypefun {long int} get_phys_pages (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
++@c This fopens a /proc file and scans it for the requested information.
+ The @code{get_phys_pages} function returns the total number of pages of
+ physical the system has. To get the amount of memory this number has to
+ be multiplied by the page size.
+@@ -1569,6 +1578,7 @@ This function is a GNU extension.
+ @comment sys/sysinfo.h
+ @comment GNU
+ @deftypefun {long int} get_avphys_pages (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+ The @code{get_phys_pages} function returns the number of available pages of
+ physical the system has. To get the amount of memory this number has to
+ be multiplied by the page size.
+@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
+ @comment sys/sysinfo.h
+ @comment GNU
+ @deftypefun int get_nprocs_conf (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
++@c This function reads from from /sys using dir streams (single user, so
++@c no staticbuf MT-Safety issue), and on some arches, from /proc using
++@c streams.
+ The @code{get_nprocs_conf} function returns the number of processors the
+ operating system configured.
+
+@@ -1623,6 +1637,8 @@ This function is a GNU extension.
+ @comment sys/sysinfo.h
+ @comment GNU
+ @deftypefun int get_nprocs (void)
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
++@c This function reads from /proc using file descriptor I/O.
+ The @code{get_nprocs} function returns the number of available processors.
+
+ This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=92b145ac00e9dc2a9143644e5df35d849d789cf1
commit 92b145ac00e9dc2a9143644e5df35d849d789cf1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:11:00 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/resource.texi: Document thread safety properties.
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5ea127b745d4510b2dd3d381784775ebcfb495c1
commit 5ea127b745d4510b2dd3d381784775ebcfb495c1
Merge: b725d38 d31f4f3 26ea2d6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:33 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b725d38d9b1ea0daae2378b3177f8bf6ab49e2fd
commit b725d38d9b1ea0daae2378b3177f8bf6ab49e2fd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:33 2013 -0300
refresh
diff --git a/meta b/meta
index 7c829cd..9b76d00 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7ab19d05f7ab97a9f433fd1b24e1569e06752ddf
-Head: 3c492e4cb73b102004f78143627f4afcb4a941e8
+Previous: d31f4f30b9ed6d8c6101ceb14f8586a37d97d0e7
+Head: 26ea2d6064d2c298f6270e127600518ef48d28cf
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -19,8 +19,7 @@ Applied:
manual-document-mt-safety-lang.patch: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
- wip-manual-document-mt-safety-locale.patch: 965b78d1907aee9c2883d16ed9978379e22eccce
- refresh-temp: 3c492e4cb73b102004f78143627f4afcb4a941e8
+ wip-manual-document-mt-safety-locale.patch: 26ea2d6064d2c298f6270e127600518ef48d28cf
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index d4ce415..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,34 +0,0 @@
-Bottom: 0eeefb1a35224c039dbbaef4f501176743a94c97
-Top: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:10:33 -0300
-
-Refresh of wip-manual-document-mt-safety-locale.patch
-
----
-
-diff --git a/manual/locale.texi b/manual/locale.texi
-index 323268d..da50d18 100644
---- a/manual/locale.texi
-+++ b/manual/locale.texi
-@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @comment locale.h
- @comment ISO
- @deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
--@safety{@mtunsafe{uunguard}}
--@c This function is MT-Safe, but uses of the global locale object are
--@c unguarded in functions that ought to be MT-Safe, so we're ruling out
--@c the use of this function once threads are started.
-+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
-+@c Uses of the global locale object are unguarded in functions that
-+@c ought to be MT-Safe, so we're ruling out the use of this function
-+@c once threads are started. It takes a write lock itself, but it may
-+@c return a pointer loaded from the global locale object after releasing
-+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
-+@c and free, and _nl_find_locale, which amount to all documented safety
-+@c issues. It also calls new_composite_name, setdata, and setname,
-+@c without any additional issues. _nl_find_locale calls getenv, ...
-+This function returns a pointer read
- The function @code{setlocale} sets the current locale for category
- @var{category} to @var{locale}. A list of all the locales the system
- provides can be created by running
diff --git a/patches/wip-manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
index 05f521a..6515b05 100644
--- a/patches/wip-manual-document-mt-safety-locale.patch
+++ b/patches/wip-manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
-Top: 0eeefb1a35224c039dbbaef4f501176743a94c97
+Top: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
@@ -13,17 +13,23 @@ for ChangeLog
---
diff --git a/manual/locale.texi b/manual/locale.texi
-index 2f10fcd..323268d 100644
+index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
-@@ -224,6 +224,10 @@ The symbols in this section are defined in the header file @file{locale.h}.
+@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
-+@safety{@mtunsafe{uunguard}}
-+@c This function is MT-Safe, but uses of the global locale object are
-+@c unguarded in functions that ought to be MT-Safe, so we're ruling out
-+@c the use of this function once threads are started.
++@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c Uses of the global locale object are unguarded in functions that
++@c ought to be MT-Safe, so we're ruling out the use of this function
++@c once threads are started. It takes a write lock itself, but it may
++@c return a pointer loaded from the global locale object after releasing
++@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
++@c and free, and _nl_find_locale, which amount to all documented safety
++@c issues. It also calls new_composite_name, setdata, and setname,
++@c without any additional issues. _nl_find_locale calls getenv, ...
++This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d31f4f30b9ed6d8c6101ceb14f8586a37d97d0e7
commit d31f4f30b9ed6d8c6101ceb14f8586a37d97d0e7
Merge: bd1c881 7ab19d0 3c492e4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:33 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bd1c8815ec1444905bcac77db104b3f50fa7e079
commit bd1c8815ec1444905bcac77db104b3f50fa7e079
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:33 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 1425e91..7c829cd 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7a837af0e05b2583166686c9c4318de041c45d60
-Head: 965b78d1907aee9c2883d16ed9978379e22eccce
+Previous: 7ab19d05f7ab97a9f433fd1b24e1569e06752ddf
+Head: 3c492e4cb73b102004f78143627f4afcb4a941e8
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -20,6 +20,7 @@ Applied:
manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
wip-manual-document-mt-safety-locale.patch: 965b78d1907aee9c2883d16ed9978379e22eccce
+ refresh-temp: 3c492e4cb73b102004f78143627f4afcb4a941e8
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..d4ce415
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,34 @@
+Bottom: 0eeefb1a35224c039dbbaef4f501176743a94c97
+Top: 9a5ec672bda784c35e1f86d0f274cdb9e58f217c
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:10:33 -0300
+
+Refresh of wip-manual-document-mt-safety-locale.patch
+
+---
+
+diff --git a/manual/locale.texi b/manual/locale.texi
+index 323268d..da50d18 100644
+--- a/manual/locale.texi
++++ b/manual/locale.texi
+@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @comment locale.h
+ @comment ISO
+ @deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+-@safety{@mtunsafe{uunguard}}
+-@c This function is MT-Safe, but uses of the global locale object are
+-@c unguarded in functions that ought to be MT-Safe, so we're ruling out
+-@c the use of this function once threads are started.
++@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c Uses of the global locale object are unguarded in functions that
++@c ought to be MT-Safe, so we're ruling out the use of this function
++@c once threads are started. It takes a write lock itself, but it may
++@c return a pointer loaded from the global locale object after releasing
++@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
++@c and free, and _nl_find_locale, which amount to all documented safety
++@c issues. It also calls new_composite_name, setdata, and setname,
++@c without any additional issues. _nl_find_locale calls getenv, ...
++This function returns a pointer read
+ The function @code{setlocale} sets the current locale for category
+ @var{category} to @var{locale}. A list of all the locales the system
+ provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3c492e4cb73b102004f78143627f4afcb4a941e8
commit 3c492e4cb73b102004f78143627f4afcb4a941e8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:33 2013 -0300
Refresh of wip-manual-document-mt-safety-locale.patch
diff --git a/manual/locale.texi b/manual/locale.texi
index 323268d..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
-@safety{@mtunsafe{uunguard}}
-@c This function is MT-Safe, but uses of the global locale object are
-@c unguarded in functions that ought to be MT-Safe, so we're ruling out
-@c the use of this function once threads are started.
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7ab19d05f7ab97a9f433fd1b24e1569e06752ddf
commit 7ab19d05f7ab97a9f433fd1b24e1569e06752ddf
Merge: bfddd8a 7a837af
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:13 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bfddd8addf1b08bde28e5e930baf4961581eeb0e
commit bfddd8addf1b08bde28e5e930baf4961581eeb0e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:13 2013 -0300
rename
diff --git a/meta b/meta
index 25c936c..1425e91 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 59ed620f06b93f72d4bfeeffad6efccee52fb9f5
+Previous: 7a837af0e05b2583166686c9c4318de041c45d60
Head: 965b78d1907aee9c2883d16ed9978379e22eccce
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
@@ -19,7 +19,7 @@ Applied:
manual-document-mt-safety-lang.patch: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
- manual-document-mt-safety-locale.patch: 965b78d1907aee9c2883d16ed9978379e22eccce
+ wip-manual-document-mt-safety-locale.patch: 965b78d1907aee9c2883d16ed9978379e22eccce
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
diff --git a/patches/manual-document-mt-safety-locale.patch b/patches/wip-manual-document-mt-safety-locale.patch
similarity index 100%
rename from patches/manual-document-mt-safety-locale.patch
rename to patches/wip-manual-document-mt-safety-locale.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=26ea2d6064d2c298f6270e127600518ef48d28cf
commit 26ea2d6064d2c298f6270e127600518ef48d28cf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=965b78d1907aee9c2883d16ed9978379e22eccce
commit 965b78d1907aee9c2883d16ed9978379e22eccce
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..323268d 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,10 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard}}
+@c This function is MT-Safe, but uses of the global locale object are
+@c unguarded in functions that ought to be MT-Safe, so we're ruling out
+@c the use of this function once threads are started.
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7a837af0e05b2583166686c9c4318de041c45d60
commit 7a837af0e05b2583166686c9c4318de041c45d60
Merge: bbfc066 965b78d 59ed620
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:01 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bbfc066da6cce7e47b8dadc31ccfb867fc966745
commit bbfc066da6cce7e47b8dadc31ccfb867fc966745
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:10:01 2013 -0300
float
diff --git a/meta b/meta
index 23045ee..25c936c 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: d1b5808eaefe152c160fe51db180ee67bf67caec
-Head: 59483ceaa7daf7600c59559794b428683ea152ba
+Previous: 59ed620f06b93f72d4bfeeffad6efccee52fb9f5
+Head: 965b78d1907aee9c2883d16ed9978379e22eccce
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -19,9 +19,9 @@ Applied:
manual-document-mt-safety-lang.patch: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
+ manual-document-mt-safety-locale.patch: 965b78d1907aee9c2883d16ed9978379e22eccce
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
- manual-document-mt-safety-locale.patch: e3578b80d486c85ecfce6a21f09e9051d868468b
manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Hidden:
diff --git a/patches/manual-document-mt-safety-locale.patch b/patches/manual-document-mt-safety-locale.patch
index 4eae5d6..05f521a 100644
--- a/patches/manual-document-mt-safety-locale.patch
+++ b/patches/manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: f75097e48123219d68b9307cd827515c123cf0b8
-Top: 3b40240eced54a0f63e844f5354c9ab2106ba9d3
+Bottom: baf6738652c9240a7ea48273cff318ffb17716d8
+Top: 0eeefb1a35224c039dbbaef4f501176743a94c97
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=59483ceaa7daf7600c59559794b428683ea152ba
commit 59483ceaa7daf7600c59559794b428683ea152ba
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/llio.texi: Document thread safety properties.
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=59ed620f06b93f72d4bfeeffad6efccee52fb9f5
commit 59ed620f06b93f72d4bfeeffad6efccee52fb9f5
Merge: 511dc6f d1b5808 59483ce
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=511dc6f08b227550f80aa028c77d89c8ddc6559d
commit 511dc6f08b227550f80aa028c77d89c8ddc6559d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:09:32 2013 -0300
import
diff --git a/meta b/meta
index a5364f4..23045ee 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 55b9c1e2c45ebb7abdd12b9b1ef546eba08829bd
-Head: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
+Previous: d1b5808eaefe152c160fe51db180ee67bf67caec
+Head: 59483ceaa7daf7600c59559794b428683ea152ba
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -18,6 +18,7 @@ Applied:
manual-document-mt-safety-job.patch: 138c83afb5f7d92dcac1049f150b154d43addda2
manual-document-mt-safety-lang.patch: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
+ manual-document-mt-safety-llio.patch: 59483ceaa7daf7600c59559794b428683ea152ba
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-locale.patch: e3578b80d486c85ecfce6a21f09e9051d868468b
diff --git a/patches/manual-document-mt-safety-llio.patch b/patches/manual-document-mt-safety-llio.patch
new file mode 100644
index 0000000..274aefd
--- /dev/null
+++ b/patches/manual-document-mt-safety-llio.patch
@@ -0,0 +1,649 @@
+Bottom: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
+Top: baf6738652c9240a7ea48273cff318ffb17716d8
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:09:32 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/llio.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/llio.texi b/manual/llio.texi
+index b129cf4..66370c4 100644
+--- a/manual/llio.texi
++++ b/manual/llio.texi
+@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
+ @comment fcntl.h
+ @comment POSIX.1
+ @deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ The @code{open} function creates and returns a new file descriptor for
+ the file named by @var{filename}. Initially, the file position
+ indicator for the file is at the beginning of the file. The argument
+@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
+ @comment fcntl.h
+ @comment Unix98
+ @deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ This function is similar to @code{open}. It returns a file descriptor
+ which can be used to access the file named by @var{filename}. The only
+ difference is that on 32 bit systems the file is opened in the
+@@ -178,6 +180,7 @@ replaces the old API.
+ @comment fcntl.h
+ @comment POSIX.1
+ @deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ This function is obsolete. The call:
+
+ @smallexample
+@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
+ @comment fcntl.h
+ @comment Unix98
+ @deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ This function is similar to @code{creat}. It returns a file descriptor
+ which can be used to access the file named by @var{filename}. The only
+ the difference is that on 32 bit systems the file is opened in the
+@@ -219,6 +223,7 @@ replaces the old API.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int close (int @var{filedes})
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ The function @code{close} closes the file descriptor @var{filedes}.
+ Closing a file has the following consequences:
+
+@@ -300,6 +305,7 @@ but must be a signed type.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{read} function reads up to @var{size} bytes from the file
+ with descriptor @var{filedes}, storing the results in the @var{buffer}.
+ (This is not necessarily a character string, and no terminating null
+@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is usually a safe syscall. The sysdeps/posix fallback emulation
++@c is not MT-Safe because it uses lseek, read and lseek back, but is it
++@c used anywhere?
+ The @code{pread} function is similar to the @code{read} function. The
+ first three arguments are identical, and the return values and error
+ codes also correspond.
+@@ -430,6 +440,10 @@ version 2.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is usually a safe syscall. The sysdeps/posix fallback emulation
++@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
++@c it used anywhere?
+ This function is similar to the @code{pread} function. The difference
+ is that the @var{offset} parameter is of type @code{off64_t} instead of
+ @code{off_t} which makes it possible on 32 bit machines to address
+@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{write} function writes up to @var{size} bytes from
+ @var{buffer} to the file with descriptor @var{filedes}. The data in
+ @var{buffer} is not necessarily a character string and a null character is
+@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is usually a safe syscall. The sysdeps/posix fallback emulation
++@c is not MT-Safe because it uses lseek, write and lseek back, but is it
++@c used anywhere?
+ The @code{pwrite} function is similar to the @code{write} function. The
+ first three arguments are identical, and the return values and error codes
+ also correspond.
+@@ -592,6 +611,10 @@ version 2.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is usually a safe syscall. The sysdeps/posix fallback emulation
++@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
++@c is it used anywhere?
+ This function is similar to the @code{pwrite} function. The difference
+ is that the @var{offset} parameter is of type @code{off64_t} instead of
+ @code{off_t} which makes it possible on 32 bit machines to address
+@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{lseek} function is used to change the file position of the
+ file with descriptor @var{filedes}.
+
+@@ -713,6 +737,7 @@ descriptors.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to the @code{lseek} function. The difference
+ is that the @var{offset} parameter is of type @code{off64_t} instead of
+ @code{off_t} which makes it possible on 32 bit machines to address
+@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
+ @comment stdio.h
+ @comment POSIX.1
+ @deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+ The @code{fdopen} function returns a new stream for the file descriptor
+ @var{filedes}.
+
+@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
+ @comment stdio.h
+ @comment POSIX.1
+ @deftypefun int fileno (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function returns the file descriptor associated with the stream
+ @var{stream}. If an error is detected (for example, if the @var{stream}
+ is not valid) or if @var{stream} does not do I/O to a file,
+@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int fileno_unlocked (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fileno_unlocked} function is equivalent to the @code{fileno}
+ function except that it does not implicitly lock the stream if the state
+ is @code{FSETLOCKING_INTERNAL}.
+@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
+ @comment sys/uio.h
+ @comment BSD
+ @deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+-
++@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++@c The fallback sysdeps/posix implementation, used even on GNU/Linux
++@c with old kernels that lack a full readv/writev implementation, may
++@c malloc the buffer into which data is read, if the total read size is
++@c too large for alloca.
+ The @code{readv} function reads data from @var{filedes} and scatters it
+ into the buffers described in @var{vector}, which is taken to be
+ @var{count} structures long. As each buffer is filled, data is sent to the
+@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
+ @comment sys/uio.h
+ @comment BSD
+ @deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
++@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++@c The fallback sysdeps/posix implementation, used even on GNU/Linux
++@c with old kernels that lack a full readv/writev implementation, may
++@c malloc the buffer from which data is written, if the total write size
++@c is too large for alloca.
+
+ The @code{writev} function gathers data from the buffers described in
+ @var{vector}, which is taken to be @var{count} structures long, and writes
+@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
+ @comment sys/mman.h
+ @comment POSIX
+ @deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The @code{mmap} function creates a new mapping, connected to bytes
+ (@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
+@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
+ @comment sys/mman.h
+ @comment LFS
+ @deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
++@c is) would be thread-unsafe.
+ The @code{mmap64} function is equivalent to the @code{mmap} function but
+ the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
+ this allows the file associated with the @var{filedes} descriptor to be
+@@ -1284,6 +1325,7 @@ replaces the old API.
+ @comment sys/mman.h
+ @comment POSIX
+ @deftypefun int munmap (void *@var{addr}, size_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ @code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
+ @var{length}). @var{length} should be the length of the mapping.
+@@ -1310,6 +1352,7 @@ aligned.
+ @comment sys/mman.h
+ @comment POSIX
+ @deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ When using shared mappings, the kernel can write the file at any time
+ before the mapping is removed. To be certain data has actually been
+@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
+ @comment sys/mman.h
+ @comment GNU
+ @deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ This function can be used to change the size of an existing memory
+ area. @var{address} and @var{length} must cover a region entirely mapped
+@@ -1405,6 +1449,7 @@ Coding Standards}.
+ @comment sys/mman.h
+ @comment POSIX
+ @deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ This function can be used to provide the system with @var{advice} about
+ the intended usage patterns of the memory region starting at @var{addr}
+@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefn Macro void FD_ZERO (fd_set *@var{set})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro initializes the file descriptor set @var{set} to be the
+ empty set.
+ @end deftypefn
+@@ -1538,6 +1584,9 @@ empty set.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Setting a bit isn't necessarily atomic, so there's a potential race
++@c here if set is not used exclusively.
+ This macro adds @var{filedes} to the file descriptor set @var{set}.
+
+ The @var{filedes} parameter must not have side effects since it is
+@@ -1547,6 +1596,9 @@ evaluated more than once.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Setting a bit isn't necessarily atomic, so there's a potential race
++@c here if set is not used exclusively.
+ This macro removes @var{filedes} from the file descriptor set @var{set}.
+
+ The @var{filedes} parameter must not have side effects since it is
+@@ -1556,6 +1608,7 @@ evaluated more than once.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value (true) if @var{filedes} is a member
+ of the file descriptor set @var{set}, and zero (false) otherwise.
+
+@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The select syscall is preferred, but pselect6 may be used instead,
++@c which requires converting timeout to a timespec and back. The
++@c conversions are not atomic.
+ The @code{select} function blocks the calling process until there is
+ activity on any of the specified sets of file descriptors, or until the
+ timeout period has expired.
+@@ -1670,6 +1727,7 @@ they return.
+ @comment unistd.h
+ @comment X/Open
+ @deftypefun void sync (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ A call to this function will not return as long as there is data which
+ has not been written to the device. All dirty buffers in the kernel will
+ be written and so an overall consistent system can be achieved (if no
+@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
+ @comment unistd.h
+ @comment POSIX
+ @deftypefun int fsync (int @var{fildes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fsync} function can be used to make sure all data associated with
+ the open file @var{fildes} is written to the device associated with the
+ descriptor. The function call does not return unless all actions have
+@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
+ @comment unistd.h
+ @comment POSIX
+ @deftypefun int fdatasync (int @var{fildes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ When a call to the @code{fdatasync} function returns, it is ensured
+ that all of the file data is written to the device. For all pending I/O
+ operations, the parts guaranteeing data integrity finished.
+@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_read (struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c Calls aio_enqueue_request.
++@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
++@c pthread_self ok
++@c pthread_getschedparam selfdeadlock, lockleak
++@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
++@c sched_getparam ok
++@c sched_getscheduler ok
++@c lll_unlock lockleak
++@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
++@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
++@c realloc asmalloc, memleak
++@c calloc asmalloc, memleak
++@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
++@c pthread_attr_init ok
++@c pthread_attr_setdetachstate ok
++@c pthread_get_minstack ok
++@c pthread_attr_setstacksize ok
++@c sigfillset ok
++@c memset ok
++@c sigdelset ok [xguargs, but the caller's sigset is automatic]
++@c SYSCALL rt_sigprocmask ok
++@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
++@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
++@c alloca/malloc asmalloc, memleak
++@c lll_unlock lockleak
++@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
++@c getpagesize dup
++@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
++@c lll_unlock lockleak
++@c _dl_allocate_tls asmalloc, memleak
++@c _dl_allocate_tls_storage asmalloc, memleak
++@c memalign asmalloc, memleak
++@c memset ok
++@c allocate_dtv dup
++@c free asmalloc, memleak
++@c allocate_dtv asmalloc, memleak
++@c calloc asmalloc, memleak
++@c INSTALL_DTV ok
++@c list_add dup
++@c get_cached_stack
++@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
++@c list_for_each ok
++@c list_entry dup
++@c FREE_P dup
++@c stack_list_del dup
++@c stack_list_add dup
++@c lll_unlock lockleak
++@c _dl_allocate_tls_init ok
++@c GET_DTV ok
++@c mmap ok
++@c atomic_increment_val ok
++@c munmap ok
++@c change_stack_perm ok
++@c mprotect ok
++@c mprotect ok
++@c stack_list_del dup
++@c _dl_deallocate_tls dup
++@c munmap ok
++@c THREAD_COPY_STACK_GUARD ok
++@c THREAD_COPY_POINTER_GUARD ok
++@c atomic_exchange_acq ok
++@c lll_futex_wake ok
++@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
++@c lll_lock (state_cache_lock) selfdeadlock, lockleak
++@c stack_list_del ok
++@c atomic_write_barrier ok
++@c list_del ok [uunguard]
++@c atomic_write_barrier ok
++@c queue_stack asmalloc, memleak
++@c stack_list_add ok
++@c atomic_write_barrier ok
++@c list_add ok [uunguard]
++@c atomic_write_barrier ok
++@c free_stacks asmalloc, memleak
++@c list_for_each_prev_safe ok
++@c list_entry ok
++@c FREE_P ok
++@c stack_list_del dup
++@c _dl_deallocate_tls dup
++@c munmap ok
++@c _dl_deallocate_tls asmalloc, memleak
++@c free asmalloc, memleak
++@c lll_unlock lockleak
++@c create_thread selfdeadlock, asmalloc, lockleak, memleak
++@c td_eventword
++@c td_eventmask
++@c do_clone selfdeadlock, asmalloc, lockleak, memleak
++@c PREPARE_CREATE ok
++@c lll_lock (pd->lock) selfdeadlock, lockleak
++@c atomic_increment ok
++@c clone ok
++@c atomic_decrement ok
++@c atomic_exchange_acq ok
++@c lll_futex_wake ok
++@c deallocate_stack dup
++@c sched_setaffinity ok
++@c tgkill ok
++@c sched_setscheduler ok
++@c atomic_compare_and_exchange_bool_acq ok
++@c nptl_create_event ok
++@c lll_unlock (pd->lock) lockleak
++@c free asmalloc, memleak
++@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
++@c add_request_to_runlist ok [xguargs]
++@c pthread_cond_signal ok
++@c aio_free_request ok [xguargs]
++@c pthread_mutex_unlock lockleak
++
++@c (in the new thread, initiated with clone)
++@c start_thread ok
++@c HP_TIMING_NOW ok
++@c ctype_init [glocale] (in theory, but optimized into safety)
++@c atomic_exchange_acq ok
++@c lll_futex_wake ok
++@c sigemptyset ok
++@c sigaddset ok
++@c setjmp ok
++@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
++@c do_cancel ok
++@c pthread_unwind ok
++@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
++@c lll_lock selfdeadlock, lockleak
++@c lll_unlock selfdeadlock, lockleak
++@c CANCEL_RESET -> pthread_disable_asynccancel ok
++@c lll_futex_wait ok
++@c ->start_routine ok -----
++@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
++@c user-supplied dtor
++@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
++@c rtld_lock_unlock_recursive lockleak
++@c free asmalloc, memleak
++@c nptl_deallocate_tsd asmalloc, memleak
++@c tsd user-supplied dtors ok
++@c free asmalloc, memleak
++@c libc_thread_freeres
++@c libc_thread_subfreeres ok
++@c atomic_decrement_and_test ok
++@c td_eventword ok
++@c td_eventmask ok
++@c atomic_compare_exchange_bool_acq ok
++@c nptl_death_event ok
++@c lll_robust_dead ok
++@c getpagesize ok
++@c madvise ok
++@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
++@c free asmalloc, memleak
++@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
++@c lll_futex_wait ok
++@c exit_thread_inline ok
++@c syscall(exit) ok
++
+ This function initiates an asynchronous read operation. It
+ immediately returns after the operation was enqueued or when an
+ error was encountered.
+@@ -1988,6 +2200,7 @@ replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to the @code{aio_read} function. The only
+ difference is that on @w{32 bit} machines, the file descriptor should
+ be opened in the large file mode. Internally, @code{aio_read64} uses
+@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_write (struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function initiates an asynchronous write operation. The function
+ call immediately returns after the operation was enqueued or if before
+ this happens an error was encountered.
+@@ -2072,6 +2286,7 @@ replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to the @code{aio_write} function. The only
+ difference is that on @w{32 bit} machines the file descriptor should
+ be opened in the large file mode. Internally @code{aio_write64} uses
+@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
++@c enqueues each request. Then, it waits for notification or prepares
++@c for it before releasing the lock. Even though it performs memory
++@c allocation and locking of its own, it doesn't add any classes of
++@c safety issues that aren't already covered by aio_enqueue_request.
+ The @code{lio_listio} function can be used to enqueue an arbitrary
+ number of read and write requests at one time. The requests can all be
+ meant for the same file, all for different files or every solution in
+@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to the @code{lio_listio} function. The only
+ difference is that on @w{32 bit} machines, the file descriptor should
+ be opened in the large file mode. Internally, @code{lio_listio64} uses
+@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_error (const struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function determines the error state of the request described by the
+ @code{struct aiocb} variable pointed to by @var{aiocbp}. If the
+ request has not yet terminated the value returned is always
+@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{aio_error} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2238,6 +2462,7 @@ machines.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function can be used to retrieve the return status of the operation
+ carried out by the request described in the variable pointed to by
+ @var{aiocbp}. As long as the error status of this request as returned
+@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{aio_return} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c After fcntl to check that the FD is open, it calls
++@c aio_enqueue_request.
+ Calling this function forces all I/O operations operating queued at the
+ time of the function call operating on the file descriptor
+ @code{aiocbp->aio_fildes} into the synchronized I/O completion state
+@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to @code{aio_fsync} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
++@c Take aio_requests_mutex, set up waitlist and requestlist, wait
++@c for completion or timeout, and release the mutex.
+ When calling this function, the calling thread is suspended until at
+ least one of the requests pointed to by the @var{nent} elements of the
+ array @var{list} has completed. If any of the requests has already
+@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ This function is similar to @code{aio_suspend} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c After fcntl to check the fd is open, hold aio_requests_mutex, call
++@c aio_find_req_fd, aio_remove_request, then aio_notify and
++@c aio_free_request each request before releasing the lock.
++@c aio_notify calls aio_notify_only and free, besides cond signal or
++@c similar. aio_notify_only calls pthread_attr_init,
++@c pthread_attr_setdetachstate, malloc, pthread_create,
++@c notify_func_wrapper, aio_sigqueue, getpid, raise.
++@c notify_func_wraper calls aio_start_notify_thread, free and then the
++@c notifier function.
+ The @code{aio_cancel} function can be used to cancel one or more
+ outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
+ function tries to cancel all of the outstanding requests which would process
+@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to @code{aio_cancel} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2529,6 +2774,8 @@ Unused.
+ @comment aio.h
+ @comment GNU
+ @deftypefun void aio_init (const struct aioinit *@var{init})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
++@c All changes to global objects are guarded by aio_requests_mutex.
+ This function must be called before any other AIO function. Calling it
+ is completely voluntary, as it is only meant to help the AIO
+ implementation perform better.
+@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
+ @comment fcntl.h
+ @comment POSIX.1
+ @deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fcntl} function performs the operation specified by
+ @var{command} on the file descriptor @var{filedes}. Some commands
+ require additional arguments to be supplied. These additional arguments
+@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int dup (int @var{old})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function copies descriptor @var{old} to the first available
+ descriptor number (the first number not currently open). It is
+ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
+@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int dup2 (int @var{old}, int @var{new})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function copies the descriptor @var{old} to descriptor number
+ @var{new}.
+
+@@ -3631,6 +3881,7 @@ different headers.
+ @comment sys/ioctl.h
+ @comment BSD
+ @deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The @code{ioctl} function performs the generic I/O operation
+ @var{command} on @var{filedes}.
+@@ -3650,3 +3901,6 @@ unknown device.
+ Most IOCTLs are OS-specific and/or only used in special system utilities,
+ and are thus beyond the scope of this document. For an example of the use
+ of an IOCTL, see @ref{Out-of-Band Data}.
++
++@c FIXME this is undocumented:
++@c dup3
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
commit ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/libdl.texi: New.
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d1b5808eaefe152c160fe51db180ee67bf67caec
commit d1b5808eaefe152c160fe51db180ee67bf67caec
Merge: 933d2fb 55b9c1e ca4e6ed
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=933d2fb03531dd5c728702c576b3864b549ef2a1
commit 933d2fb03531dd5c728702c576b3864b549ef2a1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:59 2013 -0300
import
diff --git a/meta b/meta
index 57830af..a5364f4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: bb876ad58dc08465bbe11d035994ca2dfd5f198e
-Head: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
+Previous: 55b9c1e2c45ebb7abdd12b9b1ef546eba08829bd
+Head: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -17,6 +17,7 @@ Applied:
manual-document-mt-safety-getopt.patch: c48dff451b9a543c5f827092417468a0d6672c59
manual-document-mt-safety-job.patch: 138c83afb5f7d92dcac1049f150b154d43addda2
manual-document-mt-safety-lang.patch: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
+ manual-document-mt-safety-libdl.patch: ca4e6ed5fbcca95d7f29a49c4ed65651acda0efe
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-locale.patch: e3578b80d486c85ecfce6a21f09e9051d868468b
diff --git a/patches/manual-document-mt-safety-libdl.patch b/patches/manual-document-mt-safety-libdl.patch
new file mode 100644
index 0000000..51626a1
--- /dev/null
+++ b/patches/manual-document-mt-safety-libdl.patch
@@ -0,0 +1,30 @@
+Bottom: 95e3af012c2d8222ce9c18f313b200f086405d32
+Top: 5d6bbf322290ec49c7df2274a5b3ec79d32fd303
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:08:59 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/libdl.texi: New.
+
+
+---
+
+diff --git a/manual/libdl.texi b/manual/libdl.texi
+new file mode 100644
+index 0000000..e3fe045
+--- /dev/null
++++ b/manual/libdl.texi
+@@ -0,0 +1,10 @@
++@c FIXME these are undocumented:
++@c dladdr
++@c dladdr1
++@c dlclose
++@c dlerror
++@c dlinfo
++@c dlmopen
++@c dlopen
++@c dlsym
++@c dlvsym
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
commit a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/lang.texi: Document thread safety properties.
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=55b9c1e2c45ebb7abdd12b9b1ef546eba08829bd
commit 55b9c1e2c45ebb7abdd12b9b1ef546eba08829bd
Merge: 647690f a7fd5e4 bb876ad
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=647690fef25dc2fe30b41c6d6c4653a932f0d514
commit 647690fef25dc2fe30b41c6d6c4653a932f0d514
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:32 2013 -0300
import
diff --git a/meta b/meta
index 3b789ad..57830af 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 9eb0f35298528a56e8b83fd1dab2fa72927ae1b9
-Head: 138c83afb5f7d92dcac1049f150b154d43addda2
+Previous: bb876ad58dc08465bbe11d035994ca2dfd5f198e
+Head: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -16,6 +16,7 @@ Applied:
manual-document-mt-safety-filesys.patch: d1d06a086358b876405130714e2c5cf0d7740ab8
manual-document-mt-safety-getopt.patch: c48dff451b9a543c5f827092417468a0d6672c59
manual-document-mt-safety-job.patch: 138c83afb5f7d92dcac1049f150b154d43addda2
+ manual-document-mt-safety-lang.patch: a7fd5e42f1a4a4cb65dadb2a7ba4ef28bb8bb3fd
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-locale.patch: e3578b80d486c85ecfce6a21f09e9051d868468b
diff --git a/patches/manual-document-mt-safety-lang.patch b/patches/manual-document-mt-safety-lang.patch
new file mode 100644
index 0000000..eef82af
--- /dev/null
+++ b/patches/manual-document-mt-safety-lang.patch
@@ -0,0 +1,81 @@
+Bottom: 78811ad7f6f34dae902d17fe9939b1ed2877fc8c
+Top: 95e3af012c2d8222ce9c18f313b200f086405d32
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:08:32 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/lang.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/lang.texi b/manual/lang.texi
+index ee04e23..d6cd90c 100644
+--- a/manual/lang.texi
++++ b/manual/lang.texi
+@@ -51,6 +51,8 @@ without indicating anything might be wrong.
+ @comment assert.h
+ @comment ISO
+ @deftypefn Macro void assert (int @var{expression})
++@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
++@c assert_fail_base calls asprintf, and fflushes stderr.
+ Verify the programmer's belief that @var{expression} is nonzero at
+ this point in the program.
+
+@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
+ @comment assert.h
+ @comment GNU
+ @deftypefn Macro void assert_perror (int @var{errnum})
++@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
++@c assert_fail_base calls asprintf, and fflushes stderr.
+ Similar to @code{assert}, but verifies that @var{errnum} is zero.
+
+ If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
+@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
+ @comment stdarg.h
+ @comment ISO
+ @deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ This macro initializes the argument pointer variable @var{ap} to point
+ to the first of the optional arguments of the current function;
+ @var{last-required} must be the last required argument to the function.
+@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
+ @comment stdarg.h
+ @comment ISO
+ @deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ The @code{va_arg} macro returns the value of the next optional argument,
+ and modifies the value of @var{ap} to point to the subsequent argument.
+ Thus, successive uses of @code{va_arg} return successive optional
+@@ -445,6 +453,8 @@ of the actual argument.
+ @comment stdarg.h
+ @comment ISO
+ @deftypefn {Macro} void va_end (va_list @var{ap})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ This ends the use of @var{ap}. After a @code{va_end} call, further
+ @code{va_arg} calls with the same @var{ap} may not work. You should invoke
+ @code{va_end} before returning from the function in which @code{va_start}
+@@ -466,6 +476,8 @@ of the same type.
+ @comment ISO
+ @deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
+ @deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ The @code{va_copy} macro allows copying of objects of type
+ @code{va_list} even if this is not an integral type. The argument pointer
+ in @var{dest} is initialized to point to the same argument as the
+@@ -1212,6 +1224,8 @@ type of a particular structure member.
+ @comment stddef.h
+ @comment ISO
+ @deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ This expands to a integer constant expression that is the offset of the
+ structure member named @var{member} in the structure type @var{type}.
+ For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=138c83afb5f7d92dcac1049f150b154d43addda2
commit 138c83afb5f7d92dcac1049f150b154d43addda2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/job.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bb876ad58dc08465bbe11d035994ca2dfd5f198e
commit bb876ad58dc08465bbe11d035994ca2dfd5f198e
Merge: ed1d024 9eb0f35 138c83a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ed1d02477c67d2906fb070681314349d24dc384b
commit ed1d02477c67d2906fb070681314349d24dc384b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:15 2013 -0300
import
diff --git a/meta b/meta
index 8fbf811..3b789ad 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 92919fc25ad418c3e600d2ebfd89c21e91e8802d
-Head: c48dff451b9a543c5f827092417468a0d6672c59
+Previous: 9eb0f35298528a56e8b83fd1dab2fa72927ae1b9
+Head: 138c83afb5f7d92dcac1049f150b154d43addda2
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -15,6 +15,7 @@ Applied:
manual-document-mt-safety-errno.patch: b035d6eeb7b48636043919617d515c88522ba6c3
manual-document-mt-safety-filesys.patch: d1d06a086358b876405130714e2c5cf0d7740ab8
manual-document-mt-safety-getopt.patch: c48dff451b9a543c5f827092417468a0d6672c59
+ manual-document-mt-safety-job.patch: 138c83afb5f7d92dcac1049f150b154d43addda2
Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-locale.patch: e3578b80d486c85ecfce6a21f09e9051d868468b
diff --git a/patches/manual-document-mt-safety-job.patch b/patches/manual-document-mt-safety-job.patch
new file mode 100644
index 0000000..b4d3b96
--- /dev/null
+++ b/patches/manual-document-mt-safety-job.patch
@@ -0,0 +1,123 @@
+Bottom: 18760d732995b8379bc372377398a8fd58732762
+Top: 78811ad7f6f34dae902d17fe9939b1ed2877fc8c
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:08:15 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/job.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/job.texi b/manual/job.texi
+index 4efeed3..779ea96 100644
+--- a/manual/job.texi
++++ b/manual/job.texi
+@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
+ @comment stdio.h
+ @comment POSIX.1
+ @deftypefun {char *} ctermid (char *@var{string})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This function is a stub by default; the actual implementation, for
++@c posix systems, returns an internal buffer if passed a NULL string,
++@c but the internal buffer is always set to /dev/tty.
+ The @code{ctermid} function returns a string containing the file name of
+ the controlling terminal for the current process. If @var{string} is
+ not a null pointer, it should be an array that can hold at least
+@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun pid_t setsid (void)
++@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
++@c This is usually a direct syscall, but if a syscall is not available,
++@c we use a stub, or Hurd- and BSD-specific implementations. The former
++@c uses a mutex and a hurd critical section, and the latter issues a few
++@c syscalls, so both seem safe, except for the locking on Hurd.
+ The @code{setsid} function creates a new session. The calling process
+ becomes the session leader, and is put in a new process group whose
+ process group ID is the same as the process ID of that process. There
+@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
+ @comment unistd.h
+ @comment SVID
+ @deftypefun pid_t getsid (pid_t @var{pid})
+-
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub or direct syscall, except on hurd, where it is equally safe.
+ The @code{getsid} function returns the process group ID of the session
+ leader of the specified process. If a @var{pid} is @code{0}, the
+ process group ID of the session leader of the current process is
+@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefn {POSIX.1 Function} pid_t getpgrp (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Wrapper for getpgid.
+ The POSIX.1 definition of @code{getpgrp} returns the process group ID of
+ the calling process.
+ @end deftypefn
+@@ -1141,6 +1153,8 @@ the calling process.
+ @comment unistd.h
+ @comment BSD
+ @deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Wrapper for getpgid.
+ The BSD definition of @code{getpgrp} returns the process group ID of the
+ process @var{pid}. You can supply a value of @code{0} for the @var{pid}
+ argument to get information about the calling process.
+@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
+ @comment unistd.h
+ @comment SVID
+ @deftypefn {System V Function} int getpgid (pid_t @var{pid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub or direct syscall, except on hurd, where it is equally safe.
+
+ @code{getpgid} is the same as the BSD function @code{getpgrp}. It
+ returns the process group ID of the process @var{pid}. You can supply a
+@@ -1171,6 +1187,8 @@ process.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub or direct syscall, except on hurd, where it is equally safe.
+ The @code{setpgid} function puts the process @var{pid} into the process
+ group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
+ be zero to indicate the process ID of the calling process.
+@@ -1208,6 +1226,8 @@ process or a child of the calling process.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct syscall or setpgid wrapper.
+ This is the BSD Unix name for @code{setpgid}. Both functions do exactly
+ the same thing.
+ @end deftypefun
+@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun pid_t tcgetpgrp (int @var{filedes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub, or ioctl on BSD and GNU/Linux.
+ This function returns the process group ID of the foreground process
+ group associated with the terminal open on descriptor @var{filedes}.
+
+@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub, or ioctl on BSD and GNU/Linux.
+ This function is used to set a terminal's foreground process group ID.
+ The argument @var{filedes} is a descriptor which specifies the terminal;
+ @var{pgid} specifies the process group. The calling process must be a
+@@ -1297,6 +1321,8 @@ process.
+ @comment termios.h
+ @comment Unix98
+ @deftypefun pid_t tcgetsid (int @var{fildes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
+ This function is used to obtain the process group ID of the session
+ for which the terminal specified by @var{fildes} is the controlling terminal.
+ If the call is successful the group ID is returned. Otherwise the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9eb0f35298528a56e8b83fd1dab2fa72927ae1b9
commit 9eb0f35298528a56e8b83fd1dab2fa72927ae1b9
Merge: 13c32a1 92919fc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:05 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=13c32a1b05e4fe8016b283ac793185f0befbbd41
commit 13c32a1b05e4fe8016b283ac793185f0befbbd41
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:05 2013 -0300
push
diff --git a/meta b/meta
index fd57941..8fbf811 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b4537d0a04428bf9cee6e267a5f57dbdd3301329
-Head: d1d06a086358b876405130714e2c5cf0d7740ab8
+Previous: 92919fc25ad418c3e600d2ebfd89c21e91e8802d
+Head: c48dff451b9a543c5f827092417468a0d6672c59
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -14,8 +14,8 @@ Applied:
manual-document-mt-safety-debug.patch: 7f89734934ba539d84fdf02163f64ae84f795ac9
manual-document-mt-safety-errno.patch: b035d6eeb7b48636043919617d515c88522ba6c3
manual-document-mt-safety-filesys.patch: d1d06a086358b876405130714e2c5cf0d7740ab8
-Unapplied:
manual-document-mt-safety-getopt.patch: c48dff451b9a543c5f827092417468a0d6672c59
+Unapplied:
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-locale.patch: e3578b80d486c85ecfce6a21f09e9051d868468b
manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=92919fc25ad418c3e600d2ebfd89c21e91e8802d
commit 92919fc25ad418c3e600d2ebfd89c21e91e8802d
Merge: 1b05d1f b4537d0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:01 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1b05d1ffbe01790bcb6afa26a3814eb688d2d9d9
commit 1b05d1ffbe01790bcb6afa26a3814eb688d2d9d9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:08:01 2013 -0300
pop
diff --git a/meta b/meta
index ee8ca34..fd57941 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 8f0d964f583cad6e1513d3ee7521ebca819e5751
-Head: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
+Previous: b4537d0a04428bf9cee6e267a5f57dbdd3301329
+Head: d1d06a086358b876405130714e2c5cf0d7740ab8
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
@@ -14,10 +14,10 @@ Applied:
manual-document-mt-safety-debug.patch: 7f89734934ba539d84fdf02163f64ae84f795ac9
manual-document-mt-safety-errno.patch: b035d6eeb7b48636043919617d515c88522ba6c3
manual-document-mt-safety-filesys.patch: d1d06a086358b876405130714e2c5cf0d7740ab8
+Unapplied:
manual-document-mt-safety-getopt.patch: c48dff451b9a543c5f827092417468a0d6672c59
manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
manual-document-mt-safety-locale.patch: e3578b80d486c85ecfce6a21f09e9051d868468b
manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b4537d0a04428bf9cee6e267a5f57dbdd3301329
commit b4537d0a04428bf9cee6e267a5f57dbdd3301329
Merge: 2ce7724 4546f1e 8f0d964
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:54 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2ce7724e0875f99da3acbe4b4f8b238fe67a7166
commit 2ce7724e0875f99da3acbe4b4f8b238fe67a7166
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:54 2013 -0300
push
diff --git a/meta b/meta
index 00e3714..ee8ca34 100644
--- a/meta
+++ b/meta
@@ -1,23 +1,23 @@
Version: 1
-Previous: b4d906acf0574484a2eee239e7c46c7e060297be
-Head: 351fb371fa127df8fa5e27b38a330e4258b35180
+Previous: 8f0d964f583cad6e1513d3ee7521ebca819e5751
+Head: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Applied:
manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
+ powerpc-nofpu-sim-note-nothread.patch: 8ff199e32650a502ca50da4736e82ed813e08fa4
+ unused-scalb-is-scalbn.patch: 62694b21850cd676e82306bc82418b952b9d3d31
+ manual-document-mt-safety-argp.patch: 8b86b0ead9b1494ad7b0aa283a423813ed5e8bc7
+ manual-document-mt-safety-arith.patch: 5a1a8a43ebaa9cc6a6dc182bd931fbca63e7d866
+ manual-document-mt-safety-charset.patch: 296ae41496afc524f6f75648a3298a5419b46990
+ manual-document-mt-safety-conf.patch: 95b0911edf2eb244430d9533ec0a8a3f7058581c
+ manual-document-mt-safety-crypt.patch: e600904c5eab885a1a7c8aef6bb2f570bd201275
+ manual-document-mt-safety-ctype.patch: 727a9c49e98194570a2c85e47c355bcc55398cd9
+ manual-document-mt-safety-debug.patch: 7f89734934ba539d84fdf02163f64ae84f795ac9
+ manual-document-mt-safety-errno.patch: b035d6eeb7b48636043919617d515c88522ba6c3
+ manual-document-mt-safety-filesys.patch: d1d06a086358b876405130714e2c5cf0d7740ab8
+ manual-document-mt-safety-getopt.patch: c48dff451b9a543c5f827092417468a0d6672c59
+ manual-document-mt-safety-stdio.patch: ce7a82428b383c27385283464762599a0000cba2
+ manual-document-mt-safety-locale.patch: e3578b80d486c85ecfce6a21f09e9051d868468b
+ manual-document-mt-safety-math.patch: 0082110725464cff983520a32eac4c49ff25339e
+ manual-document-mt-safety-wip.patch: 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Unapplied:
- powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
- unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
- manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
- manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
- manual-document-mt-safety-charset.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
- manual-document-mt-safety-conf.patch: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
- manual-document-mt-safety-crypt.patch: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
- manual-document-mt-safety-ctype.patch: d3739e943bb05d4edb6ca163f33c2cda30ada1f6
- manual-document-mt-safety-debug.patch: c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
- manual-document-mt-safety-errno.patch: 6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
- manual-document-mt-safety-filesys.patch: 9ae778a025f0908ba789a9e0cf5065ab0d53628a
- manual-document-mt-safety-getopt.patch: f79b9fc6a64c2160e49b66d3ffd8beff25d0317b
- manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
- manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
- manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 5313e9f..914e844 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,5 +1,5 @@
-Bottom: 6c9a45167e9f148c725e5d962b1cd083292f0adf
-Top: 159ee8e039a2ee1968f5b806b99cb2c568c31678
+Bottom: 6ef173fc60a9c842433354081fa0216e4430c1b8
+Top: 206cd625e1e8e8dc3e141cdd29c90772cf35e923
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 21:57:08 -0300
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index b25c52a..49b1456 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
-Bottom: 159ee8e039a2ee1968f5b806b99cb2c568c31678
-Top: 7d1efa70a6263de6179afe2a9a443ea3375c3c65
+Bottom: 206cd625e1e8e8dc3e141cdd29c90772cf35e923
+Top: 260809414e54f35864ab54b52fdbff3517f05f2e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-charset.patch b/patches/manual-document-mt-safety-charset.patch
index d61f282..c4d22ae 100644
--- a/patches/manual-document-mt-safety-charset.patch
+++ b/patches/manual-document-mt-safety-charset.patch
@@ -1,5 +1,5 @@
-Bottom: 7d1efa70a6263de6179afe2a9a443ea3375c3c65
-Top: 214fcee1fc2244efd3fa34e70667561366631af6
+Bottom: 260809414e54f35864ab54b52fdbff3517f05f2e
+Top: 0ed3cc03efad5a94ba0a48cd696ec823658ac35b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:01:33 -0300
diff --git a/patches/manual-document-mt-safety-conf.patch b/patches/manual-document-mt-safety-conf.patch
index dc5d0aa..0db760e 100644
--- a/patches/manual-document-mt-safety-conf.patch
+++ b/patches/manual-document-mt-safety-conf.patch
@@ -1,5 +1,5 @@
-Bottom: 214fcee1fc2244efd3fa34e70667561366631af6
-Top: 01a0439b7c735fb096210cab50592ed7ae588e00
+Bottom: 0ed3cc03efad5a94ba0a48cd696ec823658ac35b
+Top: 621eb53ac8713123406be43ebd474132b7c6e4de
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:16 -0300
diff --git a/patches/manual-document-mt-safety-crypt.patch b/patches/manual-document-mt-safety-crypt.patch
index 8311afe..20411b6 100644
--- a/patches/manual-document-mt-safety-crypt.patch
+++ b/patches/manual-document-mt-safety-crypt.patch
@@ -1,5 +1,5 @@
-Bottom: 01a0439b7c735fb096210cab50592ed7ae588e00
-Top: 9879c04c4ffa34225360a9359ba3d098a05a208c
+Bottom: 621eb53ac8713123406be43ebd474132b7c6e4de
+Top: 25551ef91682bea014db1b2031e4dad60a4ba129
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:03:47 -0300
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index f682ded..8700f8e 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: 9879c04c4ffa34225360a9359ba3d098a05a208c
-Top: ef2aa24039042b2529772d0209797c599eb01fbe
+Bottom: 25551ef91682bea014db1b2031e4dad60a4ba129
+Top: 1fe3a56b7e61d235687df61e4d4bded8e7283992
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
index c31f434..2063a20 100644
--- a/patches/manual-document-mt-safety-debug.patch
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -1,5 +1,5 @@
-Bottom: ef2aa24039042b2529772d0209797c599eb01fbe
-Top: d9693aa296c06ebe3fdaa8817d28a446b893fe25
+Bottom: 1fe3a56b7e61d235687df61e4d4bded8e7283992
+Top: 5add8b2d9a79567d15e402219a50ddf6704cdcea
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:11 -0300
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
index 75e4099..7b30386 100644
--- a/patches/manual-document-mt-safety-errno.patch
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -1,5 +1,5 @@
-Bottom: d9693aa296c06ebe3fdaa8817d28a446b893fe25
-Top: e0c86b7119156c45d45fc7b8853dfb0c950448cb
+Bottom: 5add8b2d9a79567d15e402219a50ddf6704cdcea
+Top: 50fd6f363b9af88ae1e05db55cefcd1e41c10123
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:05:34 -0300
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
index 5f9b89d..7b4e146 100644
--- a/patches/manual-document-mt-safety-filesys.patch
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -1,5 +1,5 @@
-Bottom: e0c86b7119156c45d45fc7b8853dfb0c950448cb
-Top: c99f368a71f19ba8429c3534e1b674f3a20de73e
+Bottom: 50fd6f363b9af88ae1e05db55cefcd1e41c10123
+Top: c0467ea68e04c4b52c9c771dad681e1220291a6a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:03 -0300
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
index d1ce979..753c8f5 100644
--- a/patches/manual-document-mt-safety-getopt.patch
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -1,5 +1,5 @@
-Bottom: c99f368a71f19ba8429c3534e1b674f3a20de73e
-Top: eaf7ea9f21df96f6e1ba6d92a8b44a2546e980f4
+Bottom: c0467ea68e04c4b52c9c771dad681e1220291a6a
+Top: 18760d732995b8379bc372377398a8fd58732762
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 22:06:36 -0300
diff --git a/patches/manual-document-mt-safety-locale.patch b/patches/manual-document-mt-safety-locale.patch
index a5cc454..4eae5d6 100644
--- a/patches/manual-document-mt-safety-locale.patch
+++ b/patches/manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: e394e37491899340294bfd977f43c098c558c2b1
-Top: e7a76e5bc200b56429777851aab7bce4bcbb7c56
+Bottom: f75097e48123219d68b9307cd827515c123cf0b8
+Top: 3b40240eced54a0f63e844f5354c9ab2106ba9d3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index ebdf1e4..336844e 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: e7a76e5bc200b56429777851aab7bce4bcbb7c56
-Top: 493d959bda4db41836ea91b2b9685b47ab733575
+Bottom: 3b40240eced54a0f63e844f5354c9ab2106ba9d3
+Top: edfbd2bf9a8a7592b48fc6ddfd6dd6a196355d21
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index fb0f44d..ad86e9d 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 7d1efa70a6263de6179afe2a9a443ea3375c3c65
-Top: 9d00eea6735363e6e80869186f9fb160ee3e5642
+Bottom: 18760d732995b8379bc372377398a8fd58732762
+Top: f75097e48123219d68b9307cd827515c123cf0b8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-wip.patch b/patches/manual-document-mt-safety-wip.patch
index 403d0e3..0350f71 100644
--- a/patches/manual-document-mt-safety-wip.patch
+++ b/patches/manual-document-mt-safety-wip.patch
@@ -1,4 +1,4 @@
-Bottom: a80e3502e79676408b83a0ee8d2c01161f2e1895
+Bottom: edfbd2bf9a8a7592b48fc6ddfd6dd6a196355d21
Top: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
@@ -12,1852 +12,6 @@ for ChangeLog
---
-diff --git a/manual/argp.texi b/manual/argp.texi
-index c9fbe97..5322f91 100644
---- a/manual/argp.texi
-+++ b/manual/argp.texi
-@@ -36,6 +36,35 @@ needed in @code{main}.
- @comment argp.h
- @comment GNU
- @deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
-+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
-+@c Optionally alloca()tes standard help options, initializes the parser,
-+@c then parses individual args in a loop, and then finalizes.
-+@c parser_init
-+@c calc_sizes ok
-+@c option_is_end ok
-+@c malloc
-+@c parser_convert glocale
-+@c convert_options glocale
-+@c option_is_end ok
-+@c option_is_short ok
-+@c isprint, but locale may change within the loop
-+@c find_long_option ok
-+@c group_parse
-+@c group->parser (from argp->parser)
-+@c parser_parse_next
-+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
-+@c parser_parse_arg
-+@c group_parse
-+@c parser_parse_opt
-+@c group_parse
-+@c argp_error
-+@c dgettext (bad key error)
-+@c parser_finalize
-+@c group_parse
-+@c fprintf
-+@c dgettext
-+@c arg_state_help
-+@c free
- The @code{argp_parse} function parses the arguments in @var{argv}, of
- length @var{argc}, using the argp parser @var{argp}. @xref{Argp
- Parsers}. Passing a null pointer for @var{argp} is the same as using
-@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
- @comment argp.h
- @comment GNU
- @deftypefun void argp_usage (const struct argp_state *@var{state})
-+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
-+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
- Outputs the standard usage message for the argp parser referred to by
- @var{state} to @code{@var{state}->err_stream} and terminate the program
- with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
-@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
- @comment argp.h
- @comment GNU
- @deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
-+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
-+@c Lock stream, vasprintf the formatted message into a buffer, print the
-+@c buffer prefixed by the short program name (in libc,
-+@c argp_short_program_name is a macro that expands to
-+@c program_invocation_short_name), releases the buffer, then call
-+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
-+@c stream at the end.
- Prints the printf format string @var{fmt} and following args, preceded
- by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
- --help}} message, and terminates the program with an exit status of
-@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
- @comment argp.h
- @comment GNU
- @deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
-+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
-+@c Lock stream, write out the short program name, vasprintf the optional
-+@c formatted message to a buffer, print the buffer prefixed by colon and
-+@c blank, release the buffer, call strerror_r with an automatic buffer,
-+@c print it out after colon and blank, put[w]c a line break, unlock the
-+@c stream, then exit unless ARGP_NO_EXIT.
- Similar to the standard gnu error-reporting function @code{error}, this
- prints the program name and @samp{:}, the printf format string
- @var{fmt}, and the appropriate following args. If it is non-zero, the
-@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
- @comment argp.h
- @comment GNU
- @deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
-+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
-+@c Just calls _help with the short program name and optionally exit.
-+@c The main problems in _help, besides the usual issues with stream I/O
-+@c and translation, are the use of a static buffer (uparams) that makes
-+@c the whole thing thread-unsafe, reading from the environment for
-+@c ARGP_HELP_FMT, accessing the locale object multiple times.
-+
-+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
-+@c dgettext asi18n
-+@c flockfile lockleak
-+@c funlockfile lockleak
-+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
-+@c argp_failure dup (status = errnum = 0)
-+@c atoi dup
-+@c argp_hol asmalloc, memleak
-+@c make_hol asmalloc, memleak
-+@c hol_add_cluster asmalloc, memleak
-+@c hol_append asmalloc, memleak
-+@c hol_set_group ok
-+@c hol_find_entry ok
-+@c hol_sort glocale, asmalloc, memleak
-+@c qsort asmalloc, memleak
-+@c hol_entry_qcmp glocale
-+@c hol_entry_cmp glocale
-+@c group_cmp ok
-+@c hol_cluster_cmp ok
-+@c group_cmp ok
-+@c hol_entry_first_short glocale
-+@c hol_entry_short_iterate [glocale]
-+@c until_short ok
-+@c oshort ok
-+@c isprint ok
-+@c odoc ok
-+@c hol_entry_first_long ok
-+@c canon_doc_option glocale
-+@c tolower dup
-+@c hol_usage glocale, asi18n, asmalloc, memleak
-+@c hol_entry_short_iterate ok
-+@c add_argless_short_opt ok
-+@c argp_fmtstream_printf dup
-+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
-+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
-+@c dgettext dup
-+@c argp_fmtstream_printf dup
-+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
-+@c usage_long_opt glocale, asi18n, asmalloc, memleak
-+@c dgettext dup
-+@c argp_fmtstream_printf dup
-+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
-+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_set_lmargin dup
-+@c argp_fmtstream_wmargin dup
-+@c argp_fmtstream_set_wmargin dup
-+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_putc dup
-+@c hol_cluster_is_child ok
-+@c argp_fmtstream_wmargin dup
-+@c print_header dup
-+@c argp_fmtstream_set_wmargin dup
-+@c argp_fmtstream_puts dup
-+@c indent_to dup
-+@c argp_fmtstream_putc dup
-+@c arg glocale, asmalloc, memleak
-+@c argp_fmtstream_printf dup
-+@c odoc dup
-+@c argp_fmtstream_puts dup
-+@c argp_fmtstream_printf dup
-+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
-+@c dgettext dup
-+@c filter_doc dup
-+@c argp_fmtstream_putc dup
-+@c indent_to dup
-+@c argp_fmtstream_set_lmargin dup
-+@c argp_fmtstream_set_wmargin dup
-+@c argp_fmtstream_puts dup
-+@c free dup
-+@c filter_doc dup
-+@c argp_fmtstream_point dup
-+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_point dup
-+@c argp_fmtstream_putc dup
-+@c dgettext dup
-+@c filter_doc dup
-+@c argp_fmtstream_putc dup
-+@c argp_fmtstream_puts dup
-+@c free dup
-+@c hol_free asmalloc, memleak
-+@c free dup
-+@c argp_args_levels ok
-+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
-+@c dgettext dup
-+@c filter_doc ok
-+@c argp_input ok
-+@c argp->help_filter
-+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_point dup
-+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
-+@c argp_fmtstream_update dup
-+@c argp_fmtstream_putc dup
-+@c argp_fmtstream_write dup
-+@c free dup
-+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
-+@c dgettext asi18n
-+@c strndup asmalloc, memleak
-+@c argp_input dup
-+@c argp->help_filter
-+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_ensure dup
-+@c argp_fmtstream_write dup
-+@c argp_fmtstream_puts dup
-+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
-+@c argp_fmtstream_update dup
-+@c argp_fmtstream_lmargin dup
-+@c free dup
-+@c argp_make_fmtstream asmalloc, memleak
-+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
-+@c put[w]c_unlocked dup
-+@c isblank in loop glocale
-+@c fxprintf lockleak
-+@c fxprintf lockleak
-+@c free dup
-+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
-+@c argp_fmtstream_update dup
-+@c argp_fmtstream_printf glocale, asmalloc, memleak
-+@c argp_fmtstream_ensure dup
-+@c vsnprintf dup
-+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
-+@c argp_fmtstream_update dup
-+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
-+@c argp_fmtstream_update dup
-+@c fxprintf lockleak
-+@c realloc asmalloc, memleak
- Outputs a help message for the argp parser referred to by @var{state},
- to @var{stream}. The @var{flags} argument determines what sort of help
- message is produced. @xref{Argp Help Flags}.
-@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
- @comment argp.h
- @comment GNU
- @deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
-+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
-+@c Just calls _help.
- This outputs a help message for the argp parser @var{argp} to
- @var{stream}. The type of messages printed will be determined by
- @var{flags}.
-diff --git a/manual/arith.texi b/manual/arith.texi
-index 833e0c9..5c3aa9d 100644
---- a/manual/arith.texi
-+++ b/manual/arith.texi
-@@ -323,6 +323,7 @@ floating-point number a variable holds.
- @comment math.h
- @comment ISO
- @deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is a generic macro which works on all floating-point types and
- which returns a value of type @code{int}. The possible values are:
-
-@@ -359,6 +360,7 @@ You should therefore use the specific macros whenever possible.
- @comment math.h
- @comment ISO
- @deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value if @var{x} is finite: not plus or
- minus infinity, and not NaN. It is equivalent to
-
-@@ -373,6 +375,7 @@ floating-point type.
- @comment math.h
- @comment ISO
- @deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value if @var{x} is finite and normalized.
- It is equivalent to
-
-@@ -384,6 +387,7 @@ It is equivalent to
- @comment math.h
- @comment ISO
- @deftypefn {Macro} int isnan (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value if @var{x} is NaN. It is equivalent
- to
-
-@@ -395,6 +399,7 @@ to
- @comment math.h
- @comment GNU
- @deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value if @var{x} is a signaling NaN
- (sNaN). It is based on draft TS 18661 and currently enabled as a GNU
- extension.
-@@ -2443,6 +2448,32 @@ as well.
- @safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
- @c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
- @c mpn, but it's all safe.
-+@c
-+@c round_and_return
-+@c get_rounding_mode ok
-+@c mpn_add_1 ok
-+@c mpn_rshift ok
-+@c MPN_ZERO ok
-+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
-+@c str_to_mpn
-+@c mpn_mul_1 -> umul_ppmm ok
-+@c mpn_add_1 ok
-+@c mpn_lshift_1 -> mpn_lshift ok
-+@c STRTOF_INTERNAL
-+@c MPN_VAR ok
-+@c SET_MANTISSA ok
-+@c STRNCASECMP ok, wide and narrow
-+@c round_and_return ok
-+@c mpn_mul ok
-+@c mpn_addmul_1 ok
-+@c ... mpn_sub
-+@c mpn_lshift ok
-+@c udiv_qrnnd ok
-+@c count_leading_zeros ok
-+@c add_ssaaaa ok
-+@c sub_ddmmss ok
-+@c umul_ppmm ok
-+@c mpn_submul_1 ok
- The @code{strtod} (``string-to-double'') function converts the initial
- part of @var{string} to a floating-point number, which is returned as a
- value of type @code{double}.
-diff --git a/manual/charset.texi b/manual/charset.texi
-index e21502e..7e6c416 100644
---- a/manual/charset.texi
-+++ b/manual/charset.texi
-@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
- @comment wchar.h
- @comment ISO
- @deftypefun int mbsinit (const mbstate_t *@var{ps})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c ps is dereferenced once, unguarded. Potential harmless data race.
- The @code{mbsinit} function determines whether the state object pointed
- to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
- the object is in the initial state the return value is nonzero. Otherwise
-@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
- @comment wchar.h
- @comment ISO
- @deftypefun wint_t btowc (int @var{c})
-+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
-+@c Calls btowc_fct or __fct; reads from locale, and from the
-+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
-+@c __wcsmbs_load_conv to initialize the ctype if it's null.
-+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
-+@c memory for the fcts structure, initializing it, and then storing it
-+@c in the locale object. The initialization involves dlopening and a
-+@c lot more.
- The @code{btowc} function (``byte to wide character'') converts a valid
- single byte character @var{c} in the initial shift state into the wide
- character equivalent using the conversion rules from the currently
-@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
- @comment wchar.h
- @comment ISO
- @deftypefun int wctob (wint_t @var{c})
-+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{wctob} function (``wide character to byte'') takes as the
- parameter a valid wide character. If the multibyte representation for
- this character in the initial state is exactly one byte long, the return
-@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
- @comment wchar.h
- @comment ISO
- @deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
-+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- @cindex stateful
- The @code{mbrtowc} function (``multibyte restartable to wide
- character'') converts the next multibyte character in the string pointed
-@@ -728,6 +740,7 @@ function that does part of the work.
- @comment wchar.h
- @comment ISO
- @deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
-+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{mbrlen} function (``multibyte restartable length'') computes
- the number of at most @var{n} bytes starting at @var{s}, which form the
- next valid and complete multibyte character.
-@@ -811,6 +824,50 @@ doing the work twice.
- @comment wchar.h
- @comment ISO
- @deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
-+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
-+@c wcrtomb uses a static, non-thread-local unguarded state variable when
-+@c PS is NULL. When a state is passed in, and it's not used
-+@c concurrently in other threads, this function behaves safely as long
-+@c as gconv modules don't bring MT safety issues of their own.
-+@c Attempting to load gconv modules or to build conversion chains in
-+@c signal handlers may encounter gconv databases or caches in a
-+@c partially-updated state, and asynchronous cancellation may leave them
-+@c in such states, besides leaking the lock that guards them.
-+@c get_gconv_fcts ok
-+@c wcsmbs_load_conv ok
-+@c norm_add_slashes ok
-+@c wcsmbs_getfct ok
-+@c gconv_find_transform ok
-+@c gconv_read_conf (libc_once)
-+@c gconv_lookup_cache ok
-+@c find_module_idx ok
-+@c find_module ok
-+@c gconv_find_shlib (ok)
-+@c ->init_fct (assumed ok)
-+@c gconv_get_builtin_trans ok
-+@c gconv_release_step ok
-+@c do_lookup_alias ok
-+@c find_derivation ok
-+@c derivation_lookup ok
-+@c increment_counter ok
-+@c gconv_find_shlib ok
-+@c step->init_fct (assumed ok)
-+@c gen_steps ok
-+@c gconv_find_shlib ok
-+@c dlopen (presumed ok)
-+@c dlsym (presumed ok)
-+@c step->init_fct (assumed ok)
-+@c step->end_fct (assumed ok)
-+@c gconv_get_builtin_trans ok
-+@c gconv_release_step ok
-+@c add_derivation ok
-+@c gconv_close_transform ok
-+@c gconv_release_step ok
-+@c step->end_fct (assumed ok)
-+@c gconv_release_shlib ok
-+@c dlclose (presumed ok)
-+@c gconv_release_cache ok
-+@c ->tomb->__fct (assumed ok)
- The @code{wcrtomb} function (``wide character restartable to
- multibyte'') converts a single wide character into a multibyte string
- corresponding to that wide character.
-@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
- @comment wchar.h
- @comment ISO
- @deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
-+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{mbsrtowcs} function (``multibyte string restartable to wide
- character string'') converts an NUL-terminated multibyte character
- string at @code{*@var{src}} into an equivalent wide character string,
-@@ -1039,6 +1097,7 @@ length and passing this length to the function.
- @comment wchar.h
- @comment ISO
- @deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
-+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{wcsrtombs} function (``wide character string restartable to
- multibyte string'') converts the NUL-terminated wide character string at
- @code{*@var{src}} into an equivalent multibyte character string and
-@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
- @comment wchar.h
- @comment GNU
- @deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
-+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
- function. All the parameters are the same except for @var{nmc}, which is
- new. The return value is the same as for @code{mbsrtowcs}.
-@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
- @comment wchar.h
- @comment GNU
- @deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
-+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{wcsnrtombs} function implements the conversion from wide
- character strings to multibyte character strings. It is similar to
- @code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
-@@ -1280,6 +1341,7 @@ conversion functions.}
- @comment stdlib.h
- @comment ISO
- @deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
-+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{mbtowc} (``multibyte to wide character'') function when called
- with non-null @var{string} converts the first multibyte character
- beginning at @var{string} to its corresponding wide character code. It
-@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
- @comment stdlib.h
- @comment ISO
- @deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
-+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{wctomb} (``wide character to multibyte'') function converts
- the wide character code @var{wchar} to its corresponding multibyte
- character sequence, and stores the result in bytes starting at
-@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
- @comment stdlib.h
- @comment ISO
- @deftypefun int mblen (const char *@var{string}, size_t @var{size})
-+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{mblen} function with a non-null @var{string} argument returns
- the number of bytes that make up the multibyte character beginning at
- @var{string}, never examining more than @var{size} bytes. (The idea is
-@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
- @comment stdlib.h
- @comment ISO
- @deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
-+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
-+@c Odd... Although this is in the non-reentrant section, the state
-+@c object is automatic, not a static buffer.
- The @code{mbstowcs} (``multibyte string to wide character string'')
- function converts the null-terminated string of multibyte characters
- @var{string} to an array of wide character codes, storing not more than
-@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
- @comment stdlib.h
- @comment ISO
- @deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
-+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
- The @code{wcstombs} (``wide character string to multibyte string'')
- function converts the null-terminated wide character array @var{wstring}
- into a string containing multibyte characters, storing not more than
-@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
- @comment iconv.h
- @comment XPG2
- @deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
-+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
-+@c strip and upstr on both, then gconv_open. strip and upstr call
-+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
-+@c tokenize toset, replace unspecified codesets with the current locale
-+@c (posibly two different accesses), and finally it calls
-+@c gconv_find_transform and initializes the gconv_t result with all the
-+@c steps in the conversion sequence, running each one's initializer,
-+@c destructing and releasing them all if anything fails.
-+
- The @code{iconv_open} function has to be used before starting a
- conversion. The two parameters this function takes determine the
- source and destination character set for the conversion, and if the
-@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
- @comment iconv.h
- @comment XPG2
- @deftypefun int iconv_close (iconv_t @var{cd})
-+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
-+@c Calls gconv_close to destruct and release each of the conversion
-+@c steps, release the gconv_t object, then call gconv_close_transform.
-+@c Access to the gconv_t object is not guarded, but calling iconv_close
-+@c concurrently with any other use is undefined.
-+
- The @code{iconv_close} function frees all resources associated with the
- handle @var{cd}, which must have been returned by a successful call to
- the @code{iconv_open} function.
-@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
- @comment iconv.h
- @comment XPG2
- @deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
-+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
-+@c Without guarding access to the gconv_t object pointed to by cd, call
-+@c the conversion function to convert inbuf or flush the internal
-+@c conversion state.
- @cindex stateful
- The @code{iconv} function converts the text in the input buffer
- according to the rules associated with the descriptor @var{cd} and
-diff --git a/manual/conf.texi b/manual/conf.texi
-index 7eb8b36..edbb2fd 100644
---- a/manual/conf.texi
-+++ b/manual/conf.texi
-@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun {long int} sysconf (int @var{parameter})
-+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
-+@c Some parts of the implementation open /proc and /sys files and dirs
-+@c to collect system details, using fd and stream I/O depending on the
-+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
-+@c calls tzset_internal, that calls getenv if it's called the first
-+@c time; there are free and strdup calls in there too. The returned max
-+@c value may change over time for TZNAME_MAX, depending on selected
-+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
-+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
-+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
-+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
- This function is used to inquire about runtime system parameters. The
- @var{parameter} argument should be one of the @samp{_SC_} symbols listed
- below.
-@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
-+@c When __statfs_link_max finds an ext* filesystem, it may read
-+@c /proc/mounts or similar as a mntent stream.
-+@c __statfs_chown_restricted may read from
-+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
- This function is used to inquire about the limits that apply to
- the file named @var{filename}.
-
-@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
-+@c Same caveats as pathconf.
- This is just like @code{pathconf} except that an open file descriptor
- is used to specify the file for which information is requested, instead
- of a file name.
-@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
- @comment unistd.h
- @comment POSIX.2
- @deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function reads the value of a string-valued system parameter,
- storing the string into @var{len} bytes of memory space starting at
- @var{buf}. The @var{parameter} argument should be one of the
-diff --git a/manual/crypt.texi b/manual/crypt.texi
-index ef90590..5c9f6f7 100644
---- a/manual/crypt.texi
-+++ b/manual/crypt.texi
-@@ -92,7 +92,13 @@ in a convenient way.
- @comment unistd.h
- @comment BSD
- @deftypefun {char *} getpass (const char *@var{prompt})
--
-+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
-+@c This function will attempt to create a stream for terminal I/O, but
-+@c will fallback to stdio/stderr. It attempts to change the terminal
-+@c mode in a thread-unsafe way, write out the prompt, read the password,
-+@c then restore the terminal mode. It has a cleanup to close the stream
-+@c in case of (synchronous) cancellation, but not to restore the
-+@c terminal mode.
- @code{getpass} outputs @var{prompt}, then reads a string in from the
- terminal without echoing it. It tries to connect to the real terminal,
- @file{/dev/tty}, if possible, to encourage users not to put plaintext
-@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
- @comment crypt.h
- @comment BSD, SVID
- @deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
-+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
-+@c Besides the obvious problem of returning a pointer into static
-+@c storage, the DES initializer takes an internal lock with the usual
-+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
-+@c NSS implementations of may leak file descriptors if canceled. The
-+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
-+@c and NSS relies on dlopening, which brings about another can of worms.
-
- The @code{crypt} function takes a password, @var{key}, as a string, and
- a @var{salt} character array which is described below, and returns a
-@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
- @comment crypt.h
- @comment GNU
- @deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
-+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
-+@c Compared with crypt, this function fixes the staticbuf problem, but
-+@c nothing else.
-
- The @code{crypt_r} function does the same thing as @code{crypt}, but
- takes an extra parameter which includes space for its result (among
-@@ -233,6 +249,11 @@ specifies the unused bits.
- @comment crypt.h
- @comment BSD, SVID
- @deftypefun void setkey (const char *@var{key})
-+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
-+@c The static buffer stores the key, making it fundamentally
-+@c thread-unsafe. The locking issues are only in the initialization
-+@c path; cancelling the initialization will leave the lock held, it
-+@c would otherwise repeat the initialization on the next call.
-
- The @code{setkey} function sets an internal data structure to be an
- expanded form of @var{key}. @var{key} is specified as an array of 64
-@@ -244,6 +265,8 @@ parity.
- @comment crypt.h
- @comment BSD, SVID
- @deftypefun void encrypt (char *@var{block}, int @var{edflag})
-+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
-+@c Same issues as setkey.
-
- The @code{encrypt} function encrypts @var{block} if
- @var{edflag} is 0, otherwise it decrypts @var{block}, using a key
-@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
- @comment crypt.h
- @comment GNU
- @deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
-+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
- @comment crypt.h
- @comment GNU
- @deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
-+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
-
- These are reentrant versions of @code{setkey} and @code{encrypt}. The
- only difference is the extra parameter, which stores the expanded
-@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
- @comment rpc/des_crypt.h
- @comment SUNRPC
- @deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- The function @code{ecb_crypt} encrypts or decrypts one or more blocks
- using DES. Each block is encrypted independently.
-@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
- @comment rpc/des_crypt.h
- @comment SUNRPC
- @deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- The function @code{cbc_crypt} encrypts or decrypts one or more blocks
- using DES in Cipher Block Chaining mode.
-@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
- @comment rpc/des_crypt.h
- @comment SUNRPC
- @deftypefun void des_setparity (char *@var{key})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- The function @code{des_setparity} changes the 64-bit @var{key}, stored
- packed in 8-bit bytes, to have odd parity by altering the low bits of
-diff --git a/manual/debug.texi b/manual/debug.texi
-index 1db9c18..ce0c263 100644
---- a/manual/debug.texi
-+++ b/manual/debug.texi
-@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
- @comment execinfo.h
- @comment GNU
- @deftypefun int backtrace (void **@var{buffer}, int @var{size})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Pointer chasing within the local stack.
- The @code{backtrace} function obtains a backtrace for the current
- thread, as a list of pointers, and places the information into
- @var{buffer}. The argument @var{size} should be the number of
-@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
- @comment execinfo.h
- @comment GNU
- @deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
-+@c Collects info returned by _dl_addr in auto array, allocates memory
-+@c for the whole return buffer with malloc then sprintfs into it storing
-+@c pointers to the strings into the array entries in the buffer.
-+@c _dl_addr takes the recursive dl_load_lock then calls
-+@c _dl_find_dso_for_object and determine_info.
-+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
-+@c All of them are safe as long as the lock is held.
-+@c asynconsist? It doesn't looke like the dynamic loader's data
-+@c structures could be in an inconsistent state that would cause
-+@c malfunction here.
- The @code{backtrace_symbols} function translates the information
- obtained from the @code{backtrace} function into an array of strings.
- The argument @var{buffer} should be a pointer to an array of addresses
-@@ -88,6 +101,11 @@ cannot be obtained.
- @comment execinfo.h
- @comment GNU
- @deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
-+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
-+@c Single loop of _dl_addr over addresses, collecting info into an iovec
-+@c written out with a writev call per iteration. Addresses and offsets
-+@c are converted to hex in auto buffers, so the only potential issue
-+@c here is leaking the dl lock in case of cancellation.
- The @code{backtrace_symbols_fd} function performs the same translation
- as the function @code{backtrace_symbols} function. Instead of returning
- the strings to the caller, it writes the strings to the file descriptor
-diff --git a/manual/errno.texi b/manual/errno.texi
-index 6c9fa86..eb3f412 100644
---- a/manual/errno.texi
-+++ b/manual/errno.texi
-@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
- @comment string.h
- @comment ISO
- @deftypefun {char *} strerror (int @var{errnum})
-+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
-+@c Calls strerror_r with a static buffer allocated with malloc on the
-+@c first use.
- The @code{strerror} function maps the error code (@pxref{Checking for
- Errors}) specified by the @var{errnum} argument to a descriptive error
- message string. The return value is a pointer to this string.
-@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
- @comment string.h
- @comment GNU
- @deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
-+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
- The @code{strerror_r} function works like @code{strerror} but instead of
- returning the error message in a statically allocated buffer shared by
- all threads in the process, it returns a private copy for the
-@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
- @comment stdio.h
- @comment ISO
- @deftypefun void perror (const char *@var{message})
-+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
-+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
-+@c oriented yet, create a new stream with a dup of stderr's fd and write
-+@c to that instead of stderr, to avoid orienting it.
- This function prints an error message to the stream @code{stderr};
- see @ref{Standard Streams}. The orientation of @code{stderr} is not
- changed.
-@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
- @comment error.h
- @comment GNU
- @deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
-+@c Cancellation is disabled throught the execution. It flushes stdout
-+@c and then holds a lock on stderr while printing the program name and
-+@c then running error_tail. The non-wide case just runs vfprintf; the
-+@c wide case converts the message to an alloca/malloc-allocated buffer
-+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
-+@c print_errno_message calls strerror_r and fxprintf.
- The @code{error} function can be used to report general problems during
- program execution. The @var{format} argument is a format string just
- like those given to the @code{printf} family of functions. The
-@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
- @comment error.h
- @comment GNU
- @deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
-+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
-+@c The error_one_per_line variable is accessed (without any form of
-+@c synchronization, but since it's an int used once, it should be safe
-+@c enough) and, if this mode is enabled, static variables used to hold
-+@c the last printed file name and line number are accessed and modified
-+@c without synchronization; the update is not atomic and it occurs
-+@c before disabling cancellation, so it can be interrupted after only
-+@c one of the two variables is modified. After that, it's very much
-+@c like error.
-
- The @code{error_at_line} function is very similar to the @code{error}
- function. The only difference are the additional parameters @var{fname}
-@@ -1582,6 +1606,8 @@ are included only for compatibility.
- @comment err.h
- @comment BSD
- @deftypefun void warn (const char *@var{format}, @dots{})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
-+@c Just calls vwarn with the va_list.
- The @code{warn} function is roughly equivalent to a call like
- @smallexample
- error (0, errno, format, @r{the parameters})
-@@ -1594,6 +1620,11 @@ are not used.
- @comment err.h
- @comment BSD
- @deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
-+@c While holding stderr's recursive lock, it prints the programname, the
-+@c given message, and the error string with fw?printf's %m. When the
-+@c stream is wide, convert_and_print converts the format string to an
-+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
- The @code{vwarn} function is just like @code{warn} except that the
- parameters for the handling of the format string @var{format} are passed
- in as an value of type @code{va_list}.
-@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
- @comment err.h
- @comment BSD
- @deftypefun void warnx (const char *@var{format}, @dots{})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
-+@c Same as warn, but without the strerror translation issues.
- The @code{warnx} function is roughly equivalent to a call like
- @smallexample
- error (0, 0, format, @r{the parameters})
-@@ -1615,6 +1648,8 @@ string is printed.
- @comment err.h
- @comment BSD
- @deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
-+@c Same as vwarn, but without the strerror translation issues.
- The @code{vwarnx} function is just like @code{warnx} except that the
- parameters for the handling of the format string @var{format} are passed
- in as an value of type @code{va_list}.
-@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
- @comment err.h
- @comment BSD
- @deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
-+@c Same as warn followed by exit.
- The @code{err} function is roughly equivalent to a call like
- @smallexample
- error (status, errno, format, @r{the parameters})
-@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
- @comment err.h
- @comment BSD
- @deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
-+@c Same as vwarn followed by exit.
- The @code{verr} function is just like @code{err} except that the
- parameters for the handling of the format string @var{format} are passed
- in as an value of type @code{va_list}.
-@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
- @comment err.h
- @comment BSD
- @deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
-+@c Same as warnx followed by exit.
- The @code{errx} function is roughly equivalent to a call like
- @smallexample
- error (status, 0, format, @r{the parameters})
-@@ -1657,6 +1698,8 @@ string is printed.
- @comment err.h
- @comment BSD
- @deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
-+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
-+@c Same as vwarnx followed by exit.
- The @code{verrx} function is just like @code{errx} except that the
- parameters for the handling of the format string @var{format} are passed
- in as an value of type @code{va_list}.
-diff --git a/manual/filesys.texi b/manual/filesys.texi
-index 1df9cf2..2244025 100644
---- a/manual/filesys.texi
-+++ b/manual/filesys.texi
-@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
- @comment unistd.h
- @comment POSIX.1
- @deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c If buffer is NULL, this function calls malloc and realloc, and, in
-+@c case of error, free. Linux offers a getcwd syscall that we use on
-+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
-+@c fallback, and on other systems, the generic implementation opens each
-+@c parent directory with opendir, which allocates memory for the
-+@c directory stream with malloc. If a fstatat64 syscall is not
-+@c available, very deep directory trees may also have to malloc to build
-+@c longer sequences of ../../../... than those supported by a global
-+@c const read-only string.
-+
-+@c linux/__getcwd
-+@c posix/__getcwd
-+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
-+@c lstat64 -> see its own entry
-+@c fstatat64
-+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
-+@c openat64_not_cancel_3, close_not_cancel_no_status
-+@c __fdopendir, __opendir, __readdir, rewinddir
- The @code{getcwd} function returns an absolute file name representing
- the current working directory, storing it in the character array
- @var{buffer} that you provide. The @var{size} argument is how you tell
-@@ -116,6 +135,9 @@ software.
- @comment unistd.h
- @comment BSD
- @deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
-+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
-+@c Besides the getcwd safety issues, it calls strerror_r on error, which
-+@c brings in all of the i18n issues.
- This is similar to @code{getcwd}, but has no way to specify the size of
- the buffer. @Theglibc{} provides @code{getwd} only
- for backwards compatibility with BSD.
-@@ -130,6 +152,9 @@ this function is deprecated.
- @comment unistd.h
- @comment GNU
- @deftypefun {char *} get_current_dir_name (void)
-+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c Besides getcwd, which this function calls as a fallback, it calls
-+@c getenv, with the usual thread-safety issues that brings about.
- @vindex PWD
- This @code{get_current_dir_name} function is basically equivalent to
- @w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
-@@ -145,6 +170,7 @@ This function is a GNU extension.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int chdir (const char *@var{filename})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is used to set the process's working directory to
- @var{filename}.
-
-@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
- @comment unistd.h
- @comment XPG
- @deftypefun int fchdir (int @var{filedes})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is used to set the process's working directory to
- directory associated with the file descriptor @var{filedes}.
-
-@@ -294,12 +321,14 @@ values and @code{st_mode} values:
- @comment dirent.h
- @comment BSD
- @deftypefun int IFTODT (mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This returns the @code{d_type} value corresponding to @var{mode}.
- @end deftypefun
-
- @comment dirent.h
- @comment BSD
- @deftypefun mode_t DTTOIF (int @var{dtype})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This returns the @code{st_mode} value corresponding to @var{dtype}.
- @end deftypefun
- @end table
-@@ -342,6 +371,9 @@ the following functions.
- @comment dirent.h
- @comment POSIX.1
- @deftypefun {DIR *} opendir (const char *@var{dirname})
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c Besides the safe syscall, we have to allocate the DIR object with
-+@c __alloc_dir, that calls malloc.
- The @code{opendir} function opens and returns a directory stream for
- reading the directory whose file name is @var{dirname}. The stream has
- type @code{DIR *}.
-@@ -381,6 +413,8 @@ alternative interface can be used.
- @comment dirent.h
- @comment GNU
- @deftypefun {DIR *} fdopendir (int @var{fd})
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c The DIR object is allocated with __alloc_dir, that calls malloc.
- The @code{fdopendir} function works just like @code{opendir} but
- instead of taking a file name and opening a file descriptor for the
- directory the caller is required to provide a file descriptor. This
-@@ -425,6 +459,7 @@ access.
- @comment dirent.h
- @comment GNU
- @deftypefun int dirfd (DIR *@var{dirstream})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The function @code{dirfd} returns the file descriptor associated with
- the directory stream @var{dirstream}. This descriptor can be used until
- the directory is closed with @code{closedir}. If the directory stream
-@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
- @comment dirent.h
- @comment POSIX.1
- @deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
-+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
-+@c This function holds dirstream's non-recursive lock, which brings
-+@c about the usual issues with locks and async signals and cancellation,
-+@c but the lock taking is not enough to make the returned value safe to
-+@c use, since it points to a stream's internal buffer that can be
-+@c overwritten by subsequent calls or even released by closedir.
- This function reads the next entry from the directory. It normally
- returns a pointer to a structure containing information about the file.
- This structure is statically allocated and can be rewritten by a
-@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
- @comment dirent.h
- @comment GNU
- @deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- This function is the reentrant version of @code{readdir}. Like
- @code{readdir} it returns the next entry from the directory. But to
- prevent conflicts between simultaneously running threads the result is
-@@ -516,6 +558,7 @@ of the last two functions.
- @comment dirent.h
- @comment LFS
- @deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
-+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- The @code{readdir64} function is just like the @code{readdir} function
- except that it returns a pointer to a record of type @code{struct
- dirent64}. Some of the members of this data type (notably @code{d_ino})
-@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
- @comment dirent.h
- @comment LFS
- @deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- The @code{readdir64_r} function is equivalent to the @code{readdir_r}
- function except that it takes parameters of base type @code{struct
- dirent64} instead of @code{struct dirent} in the second and third
-@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
- @comment dirent.h
- @comment POSIX.1
- @deftypefun int closedir (DIR *@var{dirstream})
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
-+@c No synchronization in the posix implementation, only in the hurd
-+@c one. This is regarded as safe because it is undefined behavior if
-+@c other threads could still be using the dir stream while it's closed.
- This function closes the directory stream @var{dirstream}. It returns
- @code{0} on success and @code{-1} on failure.
-
-@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
- @comment dirent.h
- @comment POSIX.1
- @deftypefun void rewinddir (DIR *@var{dirstream})
-+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
- The @code{rewinddir} function is used to reinitialize the directory
- stream @var{dirstream}, so that if you call @code{readdir} it
- returns information about the first entry in the directory again. This
-@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
- @comment dirent.h
- @comment BSD
- @deftypefun {long int} telldir (DIR *@var{dirstream})
-+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
-+@c The implementation is safe on most platforms, but on BSD it uses
-+@c cookies, buckets and records, and the global array of pointers to
-+@c dynamically allocated records is guarded by a non-recursive lock.
- The @code{telldir} function returns the file position of the directory
- stream @var{dirstream}. You can use this value with @code{seekdir} to
- restore the directory stream to that position.
-@@ -597,6 +650,10 @@ restore the directory stream to that position.
- @comment dirent.h
- @comment BSD
- @deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
-+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
-+@c The implementation is safe on most platforms, but on BSD it uses
-+@c cookies, buckets and records, and the global array of pointers to
-+@c dynamically allocated records is guarded by a non-recursive lock.
- The @code{seekdir} function sets the file position of the directory
- stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
- result of a previous call to @code{telldir} on this particular stream;
-@@ -616,6 +673,19 @@ the result.
- @comment dirent.h
- @comment BSD/SVID
- @deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
-+@c The scandir function calls __opendirat, __readdir, and __closedir to
-+@c go over the named dir; malloc and realloc to allocate the namelist
-+@c and copies of each selected dirent, besides the selector, if given,
-+@c and qsort and the cmp functions if the latter is given. In spite of
-+@c the cleanup handler that releases memory and the file descriptor in
-+@c case of synchronous cancellation, an asynchronous cancellation may
-+@c still leak memory and a file descriptor. Although readdir is unsafe
-+@c in general, the use of an internal dir stream for sequential scanning
-+@c of the directory with copying of dirents before subsequent calls
-+@c makes the use safe, and the fact that the dir stream is private to
-+@c each scandir call does away with the lock issues in readdir and
-+@c closedir.
-
- The @code{scandir} function scans the contents of the directory selected
- by @var{dir}. The result in *@var{namelist} is an array of pointers to
-@@ -646,6 +716,8 @@ are very helpful for this purpose.
- @comment dirent.h
- @comment BSD/SVID
- @deftypefun int alphasort (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
-+@c Calls strcoll.
- The @code{alphasort} function behaves like the @code{strcoll} function
- (@pxref{String/Array Comparison}). The difference is that the arguments
- are not string pointers but instead they are of type
-@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
- @comment dirent.h
- @comment GNU
- @deftypefun int versionsort (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
-+@c Calls strverscmp.
- The @code{versionsort} function is like @code{alphasort} except that it
- uses the @code{strverscmp} function internally.
- @end deftypefun
-@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
- @comment dirent.h
- @comment GNU
- @deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
-+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
-+@c See scandir.
- The @code{scandir64} function works like the @code{scandir} function
- except that the directory entries it returns are described by elements
- of type @w{@code{struct dirent64}}. The function pointed to by
-@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
- @comment dirent.h
- @comment GNU
- @deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
-+@c See alphasort.
- The @code{alphasort64} function behaves like the @code{strcoll} function
- (@pxref{String/Array Comparison}). The difference is that the arguments
- are not string pointers but instead they are of type
-@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
- @comment dirent.h
- @comment GNU
- @deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
-+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
-+@c See versionsort.
- The @code{versionsort64} function is like @code{alphasort64}, excepted that it
- uses the @code{strverscmp} function internally.
- @end deftypefun
-@@ -880,6 +960,8 @@ file was passed).
- @comment ftw.h
- @comment SVID
- @deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
-+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
-+@c see nftw for safety details
- The @code{ftw} function calls the callback function given in the
- parameter @var{func} for every item which is found in the directory
- specified by @var{filename} and all directories below. The function
-@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
- @comment ftw.h
- @comment Unix98
- @deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
-+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
- This function is similar to @code{ftw} but it can work on filesystems
- with large files. File information is reported using a variable of type
- @code{struct stat64} which is passed by reference to the callback
-@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
- @comment ftw.h
- @comment XPG4.2
- @deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
-+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
-+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
-+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
-+@c if FTW_CHDIR, also calls fchdir
-+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
-+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
-+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
-+@c find_object (tsearch) and add_object (tfind).
-+@c Since each invocation of *ftw uses its own private search tree, none
-+@c of the search tree concurrency issues apply.
- The @code{nftw} function works like the @code{ftw} functions. They call
- the callback function @var{func} for all items found in the directory
- @var{filename} and below. At most @var{descriptors} file descriptors
-@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
- @comment ftw.h
- @comment Unix98
- @deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
-+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
- This function is similar to @code{nftw} but it can work on filesystems
- with large files. File information is reported using a variable of type
- @code{struct stat64} which is passed by reference to the callback
-@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int link (const char *@var{oldname}, const char *@var{newname})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{link} function makes a new link to the existing file named by
- @var{oldname}, under the new name @var{newname}.
-
-@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
- @comment unistd.h
- @comment BSD
- @deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{symlink} function makes a symbolic link to @var{oldname} named
- @var{newname}.
-
-@@ -1190,6 +1287,7 @@ exceeded.
- @comment unistd.h
- @comment BSD
- @deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{readlink} function gets the value of the symbolic link
- @var{filename}. The file name that the link points to is copied into
- @var{buffer}. This file name string is @emph{not} null-terminated;
-@@ -1249,6 +1347,8 @@ names can refer to the same inode.
- @comment stdlib.h
- @comment GNU
- @deftypefun {char *} canonicalize_file_name (const char *@var{name})
-+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c Calls realpath.
-
- The @code{canonicalize_file_name} function returns the absolute name of
- the file named by @var{name} which contains no @code{.}, @code{..}
-@@ -1290,6 +1390,8 @@ where the result is placed in.
- @comment stdlib.h
- @comment XPG
- @deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
-+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
-+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
-
- A call to @code{realpath} where the @var{resolved} parameter is
- @code{NULL} behaves exactly like @code{canonicalize_file_name}. The
-@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int unlink (const char *@var{filename})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{unlink} function deletes the file name @var{filename}. If
- this is a file's sole name, the file itself is also deleted. (Actually,
- if any process has the file open when this happens, deletion is
-@@ -1371,6 +1474,7 @@ file system and can't be modified.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int rmdir (const char *@var{filename})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- @cindex directories, deleting
- @cindex deleting a directory
- The @code{rmdir} function deletes a directory. The directory must be
-@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
- @comment stdio.h
- @comment ISO
- @deftypefun int remove (const char *@var{filename})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Calls unlink and rmdir.
- This is the @w{ISO C} function to remove a file. It works like
- @code{unlink} for files and like @code{rmdir} for directories.
- @code{remove} is declared in @file{stdio.h}.
-@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
- @comment stdio.h
- @comment ISO
- @deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c In the absence of a rename syscall, there's an emulation with link
-+@c and unlink, but it's racy, even more so if newname exists and is
-+@c unlinked first.
- The @code{rename} function renames the file @var{oldname} to
- @var{newname}. The file formerly accessible under the name
- @var{oldname} is afterwards accessible as @var{newname} instead. (If
-@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{mkdir} function creates a new, empty directory with name
- @var{filename}.
-
-@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{stat} function returns information about the attributes of the
- file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
-
-@@ -1875,6 +1987,7 @@ replaces the normal implementation.
- @comment sys/stat.h
- @comment Unix98
- @deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is similar to @code{stat} but it is also able to work on
- files larger then @math{2^31} bytes on 32-bit systems. To be able to do
- this the result is stored in a variable of type @code{struct stat64} to
-@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{fstat} function is like @code{stat}, except that it takes an
- open file descriptor as an argument instead of a file name.
- @xref{Low-Level I/O}.
-@@ -1909,6 +2023,7 @@ replaces the normal implementation.
- @comment sys/stat.h
- @comment Unix98
- @deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function is similar to @code{fstat} but is able to work on large
- files on 32-bit platforms. For large files the file descriptor
- @var{filedes} should be obtained by @code{open64} or @code{creat64}.
-@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
- replaces the interface for small files on 32-bit machines.
- @end deftypefun
-
-+@c fstatat will call alloca and snprintf if the syscall is not
-+@c available.
-+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
-+
- @comment sys/stat.h
- @comment BSD
- @deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Direct system call through lxstat, sometimes with an xstat conv call
-+@c afterwards.
- The @code{lstat} function is like @code{stat}, except that it does not
- follow symbolic links. If @var{filename} is the name of a symbolic
- link, @code{lstat} returns information about the link itself; otherwise
-@@ -1936,6 +2058,9 @@ replaces the normal implementation.
- @comment sys/stat.h
- @comment Unix98
- @deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Direct system call through lxstat64, sometimes with an xstat conv
-+@c call afterwards.
- This function is similar to @code{lstat} but it is also able to work on
- files larger then @math{2^31} bytes on 32-bit systems. To be able to do
- this the result is stored in a variable of type @code{struct stat64} to
-@@ -1974,12 +2099,14 @@ that file:
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISDIR (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a directory.
- @end deftypefn
-
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISCHR (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a character special file (a
- device like a terminal).
- @end deftypefn
-@@ -1987,6 +2114,7 @@ device like a terminal).
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISBLK (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a block special file (a device
- like a disk).
- @end deftypefn
-@@ -1994,12 +2122,14 @@ like a disk).
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISREG (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a regular file.
- @end deftypefn
-
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_ISFIFO (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a FIFO special file, or a
- pipe. @xref{Pipes and FIFOs}.
- @end deftypefn
-@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
- @comment sys/stat.h
- @comment GNU
- @deftypefn Macro int S_ISLNK (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a symbolic link.
- @xref{Symbolic Links}.
- @end deftypefn
-@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
- @comment sys/stat.h
- @comment GNU
- @deftypefn Macro int S_ISSOCK (mode_t @var{m})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns non-zero if the file is a socket. @xref{Sockets}.
- @end deftypefn
-
-@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- If the system implement POSIX message queues as distinct objects and the
- file is a message queue object, this macro returns a non-zero value.
- In all other cases the result is zero.
-@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- If the system implement POSIX semaphores as distinct objects and the
- file is a semaphore object, this macro returns a non-zero value.
- In all other cases the result is zero.
-@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
- @comment sys/stat.h
- @comment POSIX
- @deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- If the system implement POSIX shared memory objects as distinct objects
- and the file is an shared memory object, this macro returns a non-zero
- value. In all other cases the result is zero.
-@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{chown} function changes the owner of the file @var{filename} to
- @var{owner}, and its group owner to @var{group}.
-
-@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
- @comment unistd.h
- @comment BSD
- @deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is like @code{chown}, except that it changes the owner of the open
- file with descriptor @var{filedes}.
-
-@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun mode_t umask (mode_t @var{mask})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{umask} function sets the file creation mask of the current
- process to @var{mask}, and returns the previous value of the file
- creation mask.
-@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
- @comment sys/stat.h
- @comment GNU
- @deftypefun mode_t getumask (void)
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Return the current value of the file creation mask for the current
- process. This function is a GNU extension and is only available on
- @gnuhurdsystems{}.
-@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
- @comment sys/stat.h
- @comment POSIX.1
- @deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{chmod} function sets the access permission bits for the file
- named by @var{filename} to @var{mode}.
-
-@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
- @comment sys/stat.h
- @comment BSD
- @deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is like @code{chmod}, except that it changes the permissions of the
- currently open file given by @var{filedes}.
-
-@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
- @comment unistd.h
- @comment POSIX.1
- @deftypefun int access (const char *@var{filename}, int @var{how})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- The @code{access} function checks to see whether the file named by
- @var{filename} can be accessed in the way specified by the @var{how}
- argument. The @var{how} argument either can be the bitwise OR of the
-@@ -2732,6 +2874,9 @@ This is the modification time for the file.
- @comment utime.h
- @comment POSIX.1
- @deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c In the absence of a utime syscall, it non-atomically converts times
-+@c to a struct timeval and calls utimes.
- This function is used to modify the file times associated with the file
- named @var{filename}.
-
-@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
- @comment sys/time.h
- @comment BSD
- @deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c In the absence of a utimes syscall, it non-atomically converts tvp
-+@c to struct timespec array and issues a utimensat syscall, or to
-+@c struct utimbuf and calls utime.
- This function sets the file access and modification times of the file
- @var{filename}. The new file access time is specified by
- @code{@var{tvp}[0]}, and the new modification time by
-@@ -2797,6 +2946,9 @@ function.
- @comment sys/time.h
- @comment BSD
- @deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Since there's no lutimes syscall, it non-atomically converts tvp
-+@c to struct timespec array and issues a utimensat syscall.
- This function is like @code{utimes}, except that it does not follow
- symbolic links. If @var{filename} is the name of a symbolic link,
- @code{lutimes} sets the file access and modification times of the
-@@ -2813,6 +2965,10 @@ function.
- @comment sys/time.h
- @comment BSD
- @deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
-+@c Since there's no futimes syscall, it non-atomically converts tvp
-+@c to struct timespec array and issues a utimensat syscall, falling back
-+@c to utimes on a /proc/self/fd symlink.
- This function is like @code{utimes}, except that it takes an open file
- descriptor as an argument instead of a file name. @xref{Low-Level
- I/O}. This function comes from FreeBSD, and is not available on all
-@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
- @comment unistd.h
- @comment X/Open
- @deftypefun int truncate (const char *@var{filename}, off_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c In the absence of a truncate syscall, we use open and ftruncate.
-
- The @code{truncate} function changes the size of @var{filename} to
- @var{length}. If @var{length} is shorter than the previous length, data
-@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
- @comment unistd.h
- @comment Unix98
- @deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c In the absence of a syscall, try truncate if length fits.
- This function is similar to the @code{truncate} function. The
- difference is that the @var{length} argument is 64 bits wide even on 32
- bits machines, which allows the handling of files with sizes up to
-@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
- @comment unistd.h
- @comment POSIX
- @deftypefun int ftruncate (int @var{fd}, off_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-
- This is like @code{truncate}, but it works on a file descriptor @var{fd}
- for an opened file instead of a file name to identify the object. The
-@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
- @comment unistd.h
- @comment Unix98
- @deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c In the absence of a syscall, try ftruncate if length fits.
- This function is similar to the @code{ftruncate} function. The
- difference is that the @var{length} argument is 64 bits wide even on 32
- bits machines which allows the handling of files with sizes up to
-@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
- @comment sys/stat.h
- @comment BSD
- @deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Instead of issuing the syscall directly, we go through xmknod.
-+@c Although the internal xmknod takes a dev_t*, that could lead to
-+@c xguargs races, it's passed a pointer to mknod's dev.
- The @code{mknod} function makes a special file with name @var{filename}.
- The @var{mode} specifies the mode of the file, and may include the various
- special file bits, such as @code{S_IFCHR} (for a character special file)
-@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
- @comment stdio.h
- @comment ISO
- @deftypefun {FILE *} tmpfile (void)
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
-+@c The unsafety issues are those of fdopen, plus fdleak because of the
-+@c open.
-+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
-+@c libc_secure_genenv only if try_tmpdir
-+@c xstat64, strlen, strcmp, sprintf
-+@c __gen_tempname (internal tmpl, __GT_FILE) ok
-+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
-+@c HP_TIMING_NOW if available ok
-+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
-+@c static value is used and modified without synchronization ok
-+@c but the use is as a source of non-cryptographic randomness
-+@c with retries in case of collision, so it should be safe
-+@c unlink, fdopen
- This function creates a temporary binary file for update mode, as if by
- calling @code{fopen} with mode @code{"wb+"}. The file is deleted
- automatically when it is closed or when the program terminates. (On
-@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
- @comment stdio.h
- @comment Unix98
- @deftypefun {FILE *} tmpfile64 (void)
-+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
- This function is similar to @code{tmpfile}, but the stream it returns a
- pointer to was opened using @code{tmpfile64}. Therefore this stream can
- be used for files larger then @math{2^31} bytes on 32-bit machines.
-@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
- @comment stdio.h
- @comment ISO
- @deftypefun {char *} tmpnam (char *@var{result})
-+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
-+@c The passed-in buffer should not be modified concurrently with the
-+@c call.
-+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
-+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
- This function constructs and returns a valid file name that does not
- refer to any existing file. If the @var{result} argument is a null
- pointer, the return value is a pointer to an internal static string,
-@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
- @comment stdio.h
- @comment GNU
- @deftypefun {char *} tmpnam_r (char *@var{result})
-+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
- This function is nearly identical to the @code{tmpnam} function, except
- that if @var{result} is a null pointer it returns a null pointer.
-
-@@ -3192,6 +3380,13 @@ never less than @code{25}.
- @comment stdio.h
- @comment SVID
- @deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
-+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
-+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
-+@c even with a non-NULL dir, which makes this thread-unsafe.
-+@c
-+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
-+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
-+@c strdup
- This function generates a unique temporary file name. If @var{prefix}
- is not a null pointer, up to five characters of this string are used as
- a prefix for the file name. The return value is a string newly
-@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
- @comment stdlib.h
- @comment Unix
- @deftypefun {char *} mktemp (char *@var{template})
-+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
-+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
- The @code{mktemp} function generates a unique file name by modifying
- @var{template} as described above. If successful, it returns
- @var{template} as modified. If @code{mktemp} cannot find a unique file
-@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
- @comment stdlib.h
- @comment BSD
- @deftypefun int mkstemp (char *@var{template})
-+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
-+@c __gen_tempname (caller tmpl, __GT_FILE) ok
- The @code{mkstemp} function generates a unique file name just as
- @code{mktemp} does, but it also opens the file for you with @code{open}
- (@pxref{Opening and Closing Files}). If successful, it modifies
-@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
- @comment stdlib.h
- @comment BSD
- @deftypefun {char *} mkdtemp (char *@var{template})
-+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
-+@c __gen_tempname (caller tmpl, __GT_DIR) ok
- The @code{mkdtemp} function creates a directory with a unique name. If
- it succeeds, it overwrites @var{template} with the name of the
- directory, and returns @var{template}. As with @code{mktemp} and
-@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
- @xref{Creating Directories}.
-
- The @code{mkdtemp} function comes from OpenBSD.
-+
-+@c FIXME these are undocumented:
-+@c faccessat
-+@c fchmodat
-+@c fchownat
-+@c futimesat
-+@c fstatat
-+@c linkat
-+@c mkdirat
-+@c mkfifoat
-+@c name_to_handle_at
-+@c openat
-+@c open_by_handle_at
-+@c readlinkat
-+@c renameat
-+@c scandirat
-+@c symlinkat
-+@c unlinkat
-+@c utimensat
-+@c mknodat
-diff --git a/manual/getopt.texi b/manual/getopt.texi
-index f0b7283..3c1f4de 100644
---- a/manual/getopt.texi
-+++ b/manual/getopt.texi
-@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
- @comment unistd.h
- @comment POSIX.2
- @deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
-+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
-+@c It may swap argv elements but argv is not guarded, and the
-+@c modifications may be partial in case of cancellation. Calling getenv
-+@c also brings about thread-safety issues out of access and returning
-+@c pointers into the globally shared environment array, just like
-+@c calling gettext brings about a whole lot of AS and AC safety issues.
-+@c The getopt API involves returning values in the non-thread-specific
-+@c optarg variable, which adds another thread-safety issue. Given
-+@c print_errors, it may output errors to stderr, which may
-+@c self-deadlock, leak locks, or encounter (in a signal handler) or
-+@c leave (in case of cancellation) stderr in an inconsistent state.
-+@c Various implicit, indirect uses of malloc, in uses of memstream and
-+@c asprintf for error-printing, bring about the usual malloc issues.
-+@c (The explicit use of malloc in a conditional situation in
-+@c _getopt_initialize is never exercised in glibc.)
-+@c
-+@c _getopt_internal
-+@c _getopt_internal_r
-+@c gettext
-+@c _getopt_initialize
-+@c getenv
-+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
-+@c open_memstream
-+@c lockfile, unlockfile, __fxprintf -> stderr
-+@c asprintf
- The @code{getopt} function gets the next option argument from the
- argument list specified by the @var{argv} and @var{argc} arguments.
- Normally these values come directly from the arguments received by
-@@ -225,6 +250,8 @@ was seen.
- @comment getopt.h
- @comment GNU
- @deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
-+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
-+@c Same issues as getopt.
- Decode options from the vector @var{argv} (whose length is @var{argc}).
- The argument @var{shortopts} describes the short options to accept, just as
- it does in @code{getopt}. The argument @var{longopts} describes the long
-@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
- @comment getopt.h
- @comment GNU
- @deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
-+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
-+@c Same issues as getopt.
-
- The @code{getopt_long_only} function is equivalent to the
- @code{getopt_long} function but it allows to specify the user of the
-diff --git a/manual/intro.texi b/manual/intro.texi
-index 2630a77..e47832c 100644
---- a/manual/intro.texi
-+++ b/manual/intro.texi
-@@ -262,6 +262,28 @@ if the effective thread-local locale is not the global locale object
- @code{setlocale} should not be called while these functions are active.
-
-
-+@item @code{envromt}
-+@cindex envromt
-+
-+Functions marked with @code{envromt} access the environment with
-+@code{getenv} or similar, requiring the environment to be effectively
-+read-only for MT-Safe operation.
-+
-+Environment-modifying functions do not protect in any way against
-+concurrent modifications or access, so calling @code{envromt}-marked
-+functions concurrently with @code{setenv}, @code{putenv},
-+@code{unsetenv} or direct modifications of the global environment data
-+structures is ill-advised; external concurrency control must be
-+introduced by callers of these environment-modifying and
-+@code{envromt}-marked functions.
-+
-+Functions that modify the environment are also marked with
-+@code{envromt}, but they are not MT-Safe for the reasons above. Since
-+all environment-modifying functions are MT-Unsafe, functions that only
-+access the environment are marked as MT-Safe when no other safety issue
-+applies.
-+
-+
- @item @code{uunguard}
- @cindex uunguard
-
-@@ -291,6 +313,42 @@ AS-Safe behavior, callers must ensure that the objects passed in are not
- modified concurrently by other threads or signal handlers.
-
-
-+@item @code{tempchwd}
-+@cindex tempchwd
-+
-+Functions marked with @code{tempchwd} may temporarily change the current
-+working directory during their execution, which may cause relative
-+pathnames to be resolved in unexpected ways in other threads or within
-+asynchronous signal or cancellation handlers.
-+
-+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
-+but when this behavior is optional (e.g., @code{nftw} with
-+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
-+a good alternative to using full pathnames or file descriptor-relative
-+(e.g. @code{openat}) system calls.
-+
-+
-+@item @code{tempterm}
-+@cindex tempterm
-+
-+Functions marked with @code{tempterm} may temporarily change the
-+terminal settings.
-+
-+This would not be enough of a reason to mark so-marked functions as
-+MT-Unsafe, but the recommended mode to modify terminal settings is to
-+call @code{tcgetattr}, modify some flags, and then call
-+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
-+they leave a window in which changes made by other threads are lost.
-+
-+It is thus advisable for applications using the terminal to avoid
-+concurrent interactions with it, more so if they expect different
-+terminal modes.
-+
-+If this mark appears as an AC-Safety note, it means the function may
-+also fail to restore the original terminal mode in case of asynchronous
-+cancellation.
-+
-+
- @end itemize
-
-
-@@ -305,11 +363,37 @@ as follows:
-
- Functions annotated with @code{staticbuf} use internal static buffers or
- variables in ways that may cause concurrent calls to interfere
--destructively.
-+destructively.
-
- These functions are all MT-Unsafe and AC-Unsafe. However, many of them
- offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
-
-+In many of these cases, the static buffer is only used to hold a return
-+value; in a few of these, such as @code{tmpnam}, the use of the internal
-+buffer can be avoided by passing the buffer as an argument, which makes
-+the call MT-Safe and AS-Safe.
-+
-+
-+@item @code{asi18n}
-+@cindex asi18n
-+
-+Functions marked with @code{asi18n} use internationalization functions
-+(@code{gettext}), which brings in a number of dependencies and issues
-+yet to be documented.
-+
-+
-+@item @code{shlimb}
-+@cindex shlimb
-+
-+Functions marked with @code{shlimb} use the dynamic loader to bring in
-+additional code modules. This involves opening files, mapping them into
-+memory, allocating additional memory, resolving symbols, applying
-+relocations and more, all of this while holding the dynamic loader
-+lock.
-+
-+The non-recursive lock itself is enough for the function to be AS- and
-+AC-Unsafe, but many other issues may arise.
-+
-
- @item @code{fdleak}
- @cindex fdleak
-@@ -390,9 +474,8 @@ For the reasons above, functions that leak locks are all AC-Unsafe.
- Functions marked with @code{selfdeadlock} take a non-recursive lock to
- ensure MT-Safety while modifying data structures guarded by the lock.
-
--If such a function is interrupted by a signal while holding the lock,
--and the signal handler calls any function that takes the same
--non-recursive lock, the result is a deadlock.
-+If such a function is called by a signal handler that interrupted
-+another such function that took the lock, the result is a deadlock.
-
- Blocking asynchronous signal delivery while calling such functions is
- the only safe way to avoid a deadlock if any signal handler might need
-@@ -406,10 +489,9 @@ Functions marked with @code{asynconsist} take a recursive lock to ensure
- MT-Safety while accessing or modifying data structures guarded by the
- lock.
-
--If such a function is interrupted by a signal while holding the lock,
--and the signal handler calls any function that takes the same
--non-recursive lock, the latter function may observe a partially updated,
--inconsistent data structure, and misbehave.
-+If such a function is called by a signal handler that interrupted
-+another such function that took the lock, both may misbehave for
-+observing inconsistent (partially updated or cached) data structures.
-
- Blocking asynchronous signal delivery while calling such functions is
- the only safe way to avoid the misbehavior that may ensue if any signal
-@@ -444,6 +526,21 @@ Disabling asynchronous cancelation while calling such functions is the
- only safe way to avoid the misbehavior that may ensure if the thread is
- canceled while the function is running.
-
-+@c A special case, probably not worth documenting separately, involves
-+@c reallocing, or even freeing pointers. Any case involving free could
-+@c be easily turned into an ac-safe memleak by resetting the pointer
-+@c before releasing it; I don't think we have any case that calls for
-+@c this sort of fixing. Fixing the realloc cases would require a new
-+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
-+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
-+@c before releasing the old memory. The ac-unsafe realloc could be
-+@c implemented in terms of an internal interface with this semantics
-+@c (say __acsafe_realloc), but since realloc can be overridden, the
-+@c function we call to implement realloc should not be this internal
-+@c interface, but another internal interface that calls __acsafe_realloc
-+@c if realloc was not overridden, and calls the overridden realloc with
-+@c async cancel disabled. --lxoliva
-+
-
- @item @code{simfpu}
- @cindex simfpu
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
index e415a47..7f2c050 100644
--- a/patches/powerpc-nofpu-sim-note-nothread.patch
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -1,5 +1,5 @@
-Bottom: f865586a6c7ce831d9285c15a3df95a5b593b24b
-Top: 6ecb4948f5afac7b2e943164b461bf059c000127
+Bottom: c59759fbdfb422ada848ebdd3845677059986449
+Top: a8bc26b023f2d43016f043a1972e12edc1f31f8d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index d6b66ee..0fa4208 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,5 +1,5 @@
-Bottom: 6ecb4948f5afac7b2e943164b461bf059c000127
-Top: 6c9a45167e9f148c725e5d962b1cd083292f0adf
+Bottom: a8bc26b023f2d43016f043a1972e12edc1f31f8d
+Top: 6ef173fc60a9c842433354081fa0216e4430c1b8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
commit 4546f1ef42848ecd1b89ad15aa4c920e8aed77c2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/???.texi: Document thread safety properties.
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
diff --git a/manual/locale.texi b/manual/locale.texi
index 323268d..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
-@safety{@mtunsafe{uunguard}}
-@c This function is MT-Safe, but uses of the global locale object are
-@c unguarded in functions that ought to be MT-Safe, so we're ruling out
-@c the use of this function once threads are started.
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 7809dd4..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -267,7 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
@c After fclose, it is undefined behavior to use the stream it points
@c to. Therefore, one must only call fclose when the stream is
@c otherwise unused. Concurrent uses started before will complete
@@ -2662,6 +2662,42 @@ pointer @var{ap}.
@c case of cancellation. This doesn't make it unsafe, but cancelling it
@c may leak memory. The unguarded use of __printf_function_table is
@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
@c bringing with it additional potential for async trouble with
@c list_all_lock.
@@ -5076,7 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
-@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -5192,7 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c48dff451b9a543c5f827092417468a0d6672c59
commit c48dff451b9a543c5f827092417468a0d6672c59
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:36 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0082110725464cff983520a32eac4c49ff25339e
commit 0082110725464cff983520a32eac4c49ff25339e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d1d06a086358b876405130714e2c5cf0d7740ab8
commit d1d06a086358b876405130714e2c5cf0d7740ab8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..2244025 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e3578b80d486c85ecfce6a21f09e9051d868468b
commit e3578b80d486c85ecfce6a21f09e9051d868468b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..323268d 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,10 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard}}
+@c This function is MT-Safe, but uses of the global locale object are
+@c unguarded in functions that ought to be MT-Safe, so we're ruling out
+@c the use of this function once threads are started.
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b035d6eeb7b48636043919617d515c88522ba6c3
commit b035d6eeb7b48636043919617d515c88522ba6c3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:34 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ce7a82428b383c27385283464762599a0000cba2
commit ce7a82428b383c27385283464762599a0000cba2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..7809dd4 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,12 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2669,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2677,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2685,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2693,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2701,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2709,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2785,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3026,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3278,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3342,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3959,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +3974,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +3989,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +3997,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4005,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4019,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4046,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4055,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4064,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4072,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4080,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4088,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4138,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4148,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4162,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4173,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4201,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4212,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4326,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4339,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4363,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4379,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4399,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4423,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4472,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4594,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4609,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4622,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4639,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4751,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4764,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4781,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4803,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4828,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4906,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4920,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4932,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4947,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4961,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +4972,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5020,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5076,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5192,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5374,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5515,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7f89734934ba539d84fdf02163f64ae84f795ac9
commit 7f89734934ba539d84fdf02163f64ae84f795ac9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:11 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=727a9c49e98194570a2c85e47c355bcc55398cd9
commit 727a9c49e98194570a2c85e47c355bcc55398cd9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e600904c5eab885a1a7c8aef6bb2f570bd201275
commit e600904c5eab885a1a7c8aef6bb2f570bd201275
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:47 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=95b0911edf2eb244430d9533ec0a8a3f7058581c
commit 95b0911edf2eb244430d9533ec0a8a3f7058581c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:16 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/conf.texi: Document thread safety properties.
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=296ae41496afc524f6f75648a3298a5419b46990
commit 296ae41496afc524f6f75648a3298a5419b46990
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5a1a8a43ebaa9cc6a6dc182bd931fbca63e7d866
commit 5a1a8a43ebaa9cc6a6dc182bd931fbca63e7d866
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8b86b0ead9b1494ad7b0aa283a423813ed5e8bc7
commit 8b86b0ead9b1494ad7b0aa283a423813ed5e8bc7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=62694b21850cd676e82306bc82418b952b9d3d31
commit 62694b21850cd676e82306bc82418b952b9d3d31
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8ff199e32650a502ca50da4736e82ed813e08fa4
commit 8ff199e32650a502ca50da4736e82ed813e08fa4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
for ports/ChangeLog.powerpc
PR 15483
* sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
the need for thread-specific variables preserved across signal
handlers.
* sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
* sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
index fc061d0..e167033 100644
--- a/ports/sysdeps/powerpc/nofpu/sim-full.c
+++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
@@ -21,6 +21,11 @@
#include "soft-fp.h"
#include "soft-supp.h"
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
/* Global to store sticky exceptions. */
int __sim_exceptions __attribute__ ((nocommon));
libc_hidden_data_def (__sim_exceptions);
diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
index b9638bb..64a3d2a 100644
--- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
+++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
@@ -26,6 +26,11 @@ typedef union
} fenv_union_t;
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
index c2a190e..508d869 100644
--- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
@@ -54,6 +54,11 @@
#define FP_ROUNDMODE __sim_round_mode
#define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8f0d964f583cad6e1513d3ee7521ebca819e5751
commit 8f0d964f583cad6e1513d3ee7521ebca819e5751
Merge: cef7673 b4d906a 351fb37
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:31 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cef76738899cce255453eb45aba66aed9204d228
commit cef76738899cce255453eb45aba66aed9204d228
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:31 2013 -0300
refresh
diff --git a/meta b/meta
index 0ed9f4f..00e3714 100644
--- a/meta
+++ b/meta
@@ -1,9 +1,8 @@
Version: 1
-Previous: 76dc6db481a93b17fc264340a48aa76e2afe8f75
-Head: cc2ab132a3cc951371827c846aa4dfa264ba321f
+Previous: b4d906acf0574484a2eee239e7c46c7e060297be
+Head: 351fb371fa127df8fa5e27b38a330e4258b35180
Applied:
- manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
- refresh-temp: cc2ab132a3cc951371827c846aa4dfa264ba321f
+ manual-document-mt-safety.patch: 351fb371fa127df8fa5e27b38a330e4258b35180
Unapplied:
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index 6bdec13..e164c49 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,5 +1,5 @@
Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
-Top: f865586a6c7ce831d9285c15a3df95a5b593b24b
+Top: c59759fbdfb422ada848ebdd3845677059986449
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:39 -0300
@@ -15,10 +15,10 @@ for ChangeLog
---
diff --git a/manual/intro.texi b/manual/intro.texi
-index deaf089..2630a77 100644
+index deaf089..e47832c 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
-@@ -172,6 +172,314 @@ pattern matching facilities (@pxref{Pattern Matching}).
+@@ -172,6 +172,411 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
@@ -112,6 +112,28 @@ index deaf089..2630a77 100644
+@code{setlocale} should not be called while these functions are active.
+
+
++@item @code{envromt}
++@cindex envromt
++
++Functions marked with @code{envromt} access the environment with
++@code{getenv} or similar, requiring the environment to be effectively
++read-only for MT-Safe operation.
++
++Environment-modifying functions do not protect in any way against
++concurrent modifications or access, so calling @code{envromt}-marked
++functions concurrently with @code{setenv}, @code{putenv},
++@code{unsetenv} or direct modifications of the global environment data
++structures is ill-advised; external concurrency control must be
++introduced by callers of these environment-modifying and
++@code{envromt}-marked functions.
++
++Functions that modify the environment are also marked with
++@code{envromt}, but they are not MT-Safe for the reasons above. Since
++all environment-modifying functions are MT-Unsafe, functions that only
++access the environment are marked as MT-Safe when no other safety issue
++applies.
++
++
+@item @code{uunguard}
+@cindex uunguard
+
@@ -141,6 +163,42 @@ index deaf089..2630a77 100644
+modified concurrently by other threads or signal handlers.
+
+
++@item @code{tempchwd}
++@cindex tempchwd
++
++Functions marked with @code{tempchwd} may temporarily change the current
++working directory during their execution, which may cause relative
++pathnames to be resolved in unexpected ways in other threads or within
++asynchronous signal or cancellation handlers.
++
++This is not enough of a reason to mark so-marked functions as MT-Unsafe,
++but when this behavior is optional (e.g., @code{nftw} with
++@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
++a good alternative to using full pathnames or file descriptor-relative
++(e.g. @code{openat}) system calls.
++
++
++@item @code{tempterm}
++@cindex tempterm
++
++Functions marked with @code{tempterm} may temporarily change the
++terminal settings.
++
++This would not be enough of a reason to mark so-marked functions as
++MT-Unsafe, but the recommended mode to modify terminal settings is to
++call @code{tcgetattr}, modify some flags, and then call
++@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
++they leave a window in which changes made by other threads are lost.
++
++It is thus advisable for applications using the terminal to avoid
++concurrent interactions with it, more so if they expect different
++terminal modes.
++
++If this mark appears as an AC-Safety note, it means the function may
++also fail to restore the original terminal mode in case of asynchronous
++cancellation.
++
++
+@end itemize
+
+
@@ -155,11 +213,37 @@ index deaf089..2630a77 100644
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
-+destructively.
++destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
++In many of these cases, the static buffer is only used to hold a return
++value; in a few of these, such as @code{tmpnam}, the use of the internal
++buffer can be avoided by passing the buffer as an argument, which makes
++the call MT-Safe and AS-Safe.
++
++
++@item @code{asi18n}
++@cindex asi18n
++
++Functions marked with @code{asi18n} use internationalization functions
++(@code{gettext}), which brings in a number of dependencies and issues
++yet to be documented.
++
++
++@item @code{shlimb}
++@cindex shlimb
++
++Functions marked with @code{shlimb} use the dynamic loader to bring in
++additional code modules. This involves opening files, mapping them into
++memory, allocating additional memory, resolving symbols, applying
++relocations and more, all of this while holding the dynamic loader
++lock.
++
++The non-recursive lock itself is enough for the function to be AS- and
++AC-Unsafe, but many other issues may arise.
++
+
+@item @code{fdleak}
+@cindex fdleak
@@ -240,9 +324,8 @@ index deaf089..2630a77 100644
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
-+If such a function is interrupted by a signal while holding the lock,
-+and the signal handler calls any function that takes the same
-+non-recursive lock, the result is a deadlock.
++If such a function is called by a signal handler that interrupted
++another such function that took the lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
@@ -256,10 +339,9 @@ index deaf089..2630a77 100644
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
-+If such a function is interrupted by a signal while holding the lock,
-+and the signal handler calls any function that takes the same
-+non-recursive lock, the latter function may observe a partially updated,
-+inconsistent data structure, and misbehave.
++If such a function is called by a signal handler that interrupted
++another such function that took the lock, both may misbehave for
++observing inconsistent (partially updated or cached) data structures.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
@@ -294,6 +376,21 @@ index deaf089..2630a77 100644
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
++@c A special case, probably not worth documenting separately, involves
++@c reallocing, or even freeing pointers. Any case involving free could
++@c be easily turned into an ac-safe memleak by resetting the pointer
++@c before releasing it; I don't think we have any case that calls for
++@c this sort of fixing. Fixing the realloc cases would require a new
++@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
++@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
++@c before releasing the old memory. The ac-unsafe realloc could be
++@c implemented in terms of an internal interface with this semantics
++@c (say __acsafe_realloc), but since realloc can be overridden, the
++@c function we call to implement realloc should not be this internal
++@c interface, but another internal interface that calls __acsafe_realloc
++@c if realloc was not overridden, and calls the overridden realloc with
++@c async cancel disabled. --lxoliva
++
+
+@item @code{simfpu}
+@cindex simfpu
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 0a83e12..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,172 +0,0 @@
-Bottom: f865586a6c7ce831d9285c15a3df95a5b593b24b
-Top: c59759fbdfb422ada848ebdd3845677059986449
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:07:31 -0300
-
-Refresh of manual-document-mt-safety.patch
-
----
-
-diff --git a/manual/intro.texi b/manual/intro.texi
-index 2630a77..e47832c 100644
---- a/manual/intro.texi
-+++ b/manual/intro.texi
-@@ -262,6 +262,28 @@ if the effective thread-local locale is not the global locale object
- @code{setlocale} should not be called while these functions are active.
-
-
-+@item @code{envromt}
-+@cindex envromt
-+
-+Functions marked with @code{envromt} access the environment with
-+@code{getenv} or similar, requiring the environment to be effectively
-+read-only for MT-Safe operation.
-+
-+Environment-modifying functions do not protect in any way against
-+concurrent modifications or access, so calling @code{envromt}-marked
-+functions concurrently with @code{setenv}, @code{putenv},
-+@code{unsetenv} or direct modifications of the global environment data
-+structures is ill-advised; external concurrency control must be
-+introduced by callers of these environment-modifying and
-+@code{envromt}-marked functions.
-+
-+Functions that modify the environment are also marked with
-+@code{envromt}, but they are not MT-Safe for the reasons above. Since
-+all environment-modifying functions are MT-Unsafe, functions that only
-+access the environment are marked as MT-Safe when no other safety issue
-+applies.
-+
-+
- @item @code{uunguard}
- @cindex uunguard
-
-@@ -291,6 +313,42 @@ AS-Safe behavior, callers must ensure that the objects passed in are not
- modified concurrently by other threads or signal handlers.
-
-
-+@item @code{tempchwd}
-+@cindex tempchwd
-+
-+Functions marked with @code{tempchwd} may temporarily change the current
-+working directory during their execution, which may cause relative
-+pathnames to be resolved in unexpected ways in other threads or within
-+asynchronous signal or cancellation handlers.
-+
-+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
-+but when this behavior is optional (e.g., @code{nftw} with
-+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
-+a good alternative to using full pathnames or file descriptor-relative
-+(e.g. @code{openat}) system calls.
-+
-+
-+@item @code{tempterm}
-+@cindex tempterm
-+
-+Functions marked with @code{tempterm} may temporarily change the
-+terminal settings.
-+
-+This would not be enough of a reason to mark so-marked functions as
-+MT-Unsafe, but the recommended mode to modify terminal settings is to
-+call @code{tcgetattr}, modify some flags, and then call
-+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
-+they leave a window in which changes made by other threads are lost.
-+
-+It is thus advisable for applications using the terminal to avoid
-+concurrent interactions with it, more so if they expect different
-+terminal modes.
-+
-+If this mark appears as an AC-Safety note, it means the function may
-+also fail to restore the original terminal mode in case of asynchronous
-+cancellation.
-+
-+
- @end itemize
-
-
-@@ -305,11 +363,37 @@ as follows:
-
- Functions annotated with @code{staticbuf} use internal static buffers or
- variables in ways that may cause concurrent calls to interfere
--destructively.
-+destructively.
-
- These functions are all MT-Unsafe and AC-Unsafe. However, many of them
- offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
-
-+In many of these cases, the static buffer is only used to hold a return
-+value; in a few of these, such as @code{tmpnam}, the use of the internal
-+buffer can be avoided by passing the buffer as an argument, which makes
-+the call MT-Safe and AS-Safe.
-+
-+
-+@item @code{asi18n}
-+@cindex asi18n
-+
-+Functions marked with @code{asi18n} use internationalization functions
-+(@code{gettext}), which brings in a number of dependencies and issues
-+yet to be documented.
-+
-+
-+@item @code{shlimb}
-+@cindex shlimb
-+
-+Functions marked with @code{shlimb} use the dynamic loader to bring in
-+additional code modules. This involves opening files, mapping them into
-+memory, allocating additional memory, resolving symbols, applying
-+relocations and more, all of this while holding the dynamic loader
-+lock.
-+
-+The non-recursive lock itself is enough for the function to be AS- and
-+AC-Unsafe, but many other issues may arise.
-+
-
- @item @code{fdleak}
- @cindex fdleak
-@@ -390,9 +474,8 @@ For the reasons above, functions that leak locks are all AC-Unsafe.
- Functions marked with @code{selfdeadlock} take a non-recursive lock to
- ensure MT-Safety while modifying data structures guarded by the lock.
-
--If such a function is interrupted by a signal while holding the lock,
--and the signal handler calls any function that takes the same
--non-recursive lock, the result is a deadlock.
-+If such a function is called by a signal handler that interrupted
-+another such function that took the lock, the result is a deadlock.
-
- Blocking asynchronous signal delivery while calling such functions is
- the only safe way to avoid a deadlock if any signal handler might need
-@@ -406,10 +489,9 @@ Functions marked with @code{asynconsist} take a recursive lock to ensure
- MT-Safety while accessing or modifying data structures guarded by the
- lock.
-
--If such a function is interrupted by a signal while holding the lock,
--and the signal handler calls any function that takes the same
--non-recursive lock, the latter function may observe a partially updated,
--inconsistent data structure, and misbehave.
-+If such a function is called by a signal handler that interrupted
-+another such function that took the lock, both may misbehave for
-+observing inconsistent (partially updated or cached) data structures.
-
- Blocking asynchronous signal delivery while calling such functions is
- the only safe way to avoid the misbehavior that may ensue if any signal
-@@ -444,6 +526,21 @@ Disabling asynchronous cancelation while calling such functions is the
- only safe way to avoid the misbehavior that may ensure if the thread is
- canceled while the function is running.
-
-+@c A special case, probably not worth documenting separately, involves
-+@c reallocing, or even freeing pointers. Any case involving free could
-+@c be easily turned into an ac-safe memleak by resetting the pointer
-+@c before releasing it; I don't think we have any case that calls for
-+@c this sort of fixing. Fixing the realloc cases would require a new
-+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
-+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
-+@c before releasing the old memory. The ac-unsafe realloc could be
-+@c implemented in terms of an internal interface with this semantics
-+@c (say __acsafe_realloc), but since realloc can be overridden, the
-+@c function we call to implement realloc should not be this internal
-+@c interface, but another internal interface that calls __acsafe_realloc
-+@c if realloc was not overridden, and calls the overridden realloc with
-+@c async cancel disabled. --lxoliva
-+
-
- @item @code{simfpu}
- @cindex simfpu
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b4d906acf0574484a2eee239e7c46c7e060297be
commit b4d906acf0574484a2eee239e7c46c7e060297be
Merge: e5b53da cc2ab13 76dc6db
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:31 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e5b53dab5736d53f6414d24c50ecb9329a8f7391
commit e5b53dab5736d53f6414d24c50ecb9329a8f7391
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:31 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 6a14b79..0ed9f4f 100644
--- a/meta
+++ b/meta
@@ -1,8 +1,9 @@
Version: 1
-Previous: d9c9f06fc82cd16d6b734513c4f0d533b3fdf2cf
-Head: f159288e81a5a769e1274527d307f82bd918d8e5
+Previous: 76dc6db481a93b17fc264340a48aa76e2afe8f75
+Head: cc2ab132a3cc951371827c846aa4dfa264ba321f
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
+ refresh-temp: cc2ab132a3cc951371827c846aa4dfa264ba321f
Unapplied:
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..0a83e12
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,172 @@
+Bottom: f865586a6c7ce831d9285c15a3df95a5b593b24b
+Top: c59759fbdfb422ada848ebdd3845677059986449
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:07:31 -0300
+
+Refresh of manual-document-mt-safety.patch
+
+---
+
+diff --git a/manual/intro.texi b/manual/intro.texi
+index 2630a77..e47832c 100644
+--- a/manual/intro.texi
++++ b/manual/intro.texi
+@@ -262,6 +262,28 @@ if the effective thread-local locale is not the global locale object
+ @code{setlocale} should not be called while these functions are active.
+
+
++@item @code{envromt}
++@cindex envromt
++
++Functions marked with @code{envromt} access the environment with
++@code{getenv} or similar, requiring the environment to be effectively
++read-only for MT-Safe operation.
++
++Environment-modifying functions do not protect in any way against
++concurrent modifications or access, so calling @code{envromt}-marked
++functions concurrently with @code{setenv}, @code{putenv},
++@code{unsetenv} or direct modifications of the global environment data
++structures is ill-advised; external concurrency control must be
++introduced by callers of these environment-modifying and
++@code{envromt}-marked functions.
++
++Functions that modify the environment are also marked with
++@code{envromt}, but they are not MT-Safe for the reasons above. Since
++all environment-modifying functions are MT-Unsafe, functions that only
++access the environment are marked as MT-Safe when no other safety issue
++applies.
++
++
+ @item @code{uunguard}
+ @cindex uunguard
+
+@@ -291,6 +313,42 @@ AS-Safe behavior, callers must ensure that the objects passed in are not
+ modified concurrently by other threads or signal handlers.
+
+
++@item @code{tempchwd}
++@cindex tempchwd
++
++Functions marked with @code{tempchwd} may temporarily change the current
++working directory during their execution, which may cause relative
++pathnames to be resolved in unexpected ways in other threads or within
++asynchronous signal or cancellation handlers.
++
++This is not enough of a reason to mark so-marked functions as MT-Unsafe,
++but when this behavior is optional (e.g., @code{nftw} with
++@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
++a good alternative to using full pathnames or file descriptor-relative
++(e.g. @code{openat}) system calls.
++
++
++@item @code{tempterm}
++@cindex tempterm
++
++Functions marked with @code{tempterm} may temporarily change the
++terminal settings.
++
++This would not be enough of a reason to mark so-marked functions as
++MT-Unsafe, but the recommended mode to modify terminal settings is to
++call @code{tcgetattr}, modify some flags, and then call
++@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
++they leave a window in which changes made by other threads are lost.
++
++It is thus advisable for applications using the terminal to avoid
++concurrent interactions with it, more so if they expect different
++terminal modes.
++
++If this mark appears as an AC-Safety note, it means the function may
++also fail to restore the original terminal mode in case of asynchronous
++cancellation.
++
++
+ @end itemize
+
+
+@@ -305,11 +363,37 @@ as follows:
+
+ Functions annotated with @code{staticbuf} use internal static buffers or
+ variables in ways that may cause concurrent calls to interfere
+-destructively.
++destructively.
+
+ These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+ offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
++In many of these cases, the static buffer is only used to hold a return
++value; in a few of these, such as @code{tmpnam}, the use of the internal
++buffer can be avoided by passing the buffer as an argument, which makes
++the call MT-Safe and AS-Safe.
++
++
++@item @code{asi18n}
++@cindex asi18n
++
++Functions marked with @code{asi18n} use internationalization functions
++(@code{gettext}), which brings in a number of dependencies and issues
++yet to be documented.
++
++
++@item @code{shlimb}
++@cindex shlimb
++
++Functions marked with @code{shlimb} use the dynamic loader to bring in
++additional code modules. This involves opening files, mapping them into
++memory, allocating additional memory, resolving symbols, applying
++relocations and more, all of this while holding the dynamic loader
++lock.
++
++The non-recursive lock itself is enough for the function to be AS- and
++AC-Unsafe, but many other issues may arise.
++
+
+ @item @code{fdleak}
+ @cindex fdleak
+@@ -390,9 +474,8 @@ For the reasons above, functions that leak locks are all AC-Unsafe.
+ Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ ensure MT-Safety while modifying data structures guarded by the lock.
+
+-If such a function is interrupted by a signal while holding the lock,
+-and the signal handler calls any function that takes the same
+-non-recursive lock, the result is a deadlock.
++If such a function is called by a signal handler that interrupted
++another such function that took the lock, the result is a deadlock.
+
+ Blocking asynchronous signal delivery while calling such functions is
+ the only safe way to avoid a deadlock if any signal handler might need
+@@ -406,10 +489,9 @@ Functions marked with @code{asynconsist} take a recursive lock to ensure
+ MT-Safety while accessing or modifying data structures guarded by the
+ lock.
+
+-If such a function is interrupted by a signal while holding the lock,
+-and the signal handler calls any function that takes the same
+-non-recursive lock, the latter function may observe a partially updated,
+-inconsistent data structure, and misbehave.
++If such a function is called by a signal handler that interrupted
++another such function that took the lock, both may misbehave for
++observing inconsistent (partially updated or cached) data structures.
+
+ Blocking asynchronous signal delivery while calling such functions is
+ the only safe way to avoid the misbehavior that may ensue if any signal
+@@ -444,6 +526,21 @@ Disabling asynchronous cancelation while calling such functions is the
+ only safe way to avoid the misbehavior that may ensure if the thread is
+ canceled while the function is running.
+
++@c A special case, probably not worth documenting separately, involves
++@c reallocing, or even freeing pointers. Any case involving free could
++@c be easily turned into an ac-safe memleak by resetting the pointer
++@c before releasing it; I don't think we have any case that calls for
++@c this sort of fixing. Fixing the realloc cases would require a new
++@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
++@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
++@c before releasing the old memory. The ac-unsafe realloc could be
++@c implemented in terms of an internal interface with this semantics
++@c (say __acsafe_realloc), but since realloc can be overridden, the
++@c function we call to implement realloc should not be this internal
++@c interface, but another internal interface that calls __acsafe_realloc
++@c if realloc was not overridden, and calls the overridden realloc with
++@c async cancel disabled. --lxoliva
++
+
+ @item @code{simfpu}
+ @cindex simfpu
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cc2ab132a3cc951371827c846aa4dfa264ba321f
commit cc2ab132a3cc951371827c846aa4dfa264ba321f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:31 2013 -0300
Refresh of manual-document-mt-safety.patch
diff --git a/manual/intro.texi b/manual/intro.texi
index 2630a77..e47832c 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -262,6 +262,28 @@ if the effective thread-local locale is not the global locale object
@code{setlocale} should not be called while these functions are active.
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
@item @code{uunguard}
@cindex uunguard
@@ -291,6 +313,42 @@ AS-Safe behavior, callers must ensure that the objects passed in are not
modified concurrently by other threads or signal handlers.
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
@end itemize
@@ -305,11 +363,37 @@ as follows:
Functions annotated with @code{staticbuf} use internal static buffers or
variables in ways that may cause concurrent calls to interfere
-destructively.
+destructively.
These functions are all MT-Unsafe and AC-Unsafe. However, many of them
offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
@item @code{fdleak}
@cindex fdleak
@@ -390,9 +474,8 @@ For the reasons above, functions that leak locks are all AC-Unsafe.
Functions marked with @code{selfdeadlock} take a non-recursive lock to
ensure MT-Safety while modifying data structures guarded by the lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the result is a deadlock.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid a deadlock if any signal handler might need
@@ -406,10 +489,9 @@ Functions marked with @code{asynconsist} take a recursive lock to ensure
MT-Safety while accessing or modifying data structures guarded by the
lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the latter function may observe a partially updated,
-inconsistent data structure, and misbehave.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid the misbehavior that may ensue if any signal
@@ -444,6 +526,21 @@ Disabling asynchronous cancelation while calling such functions is the
only safe way to avoid the misbehavior that may ensure if the thread is
canceled while the function is running.
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
@item @code{simfpu}
@cindex simfpu
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=76dc6db481a93b17fc264340a48aa76e2afe8f75
commit 76dc6db481a93b17fc264340a48aa76e2afe8f75
Merge: c92e698 d9c9f06
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:18 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c92e6984cabde57c3fca8e3eb572880c127081e0
commit c92e6984cabde57c3fca8e3eb572880c127081e0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:18 2013 -0300
push
diff --git a/meta b/meta
index 8ae9a1b..6a14b79 100644
--- a/meta
+++ b/meta
@@ -1,9 +1,9 @@
Version: 1
-Previous: b1b6abe1cfb871cadb695ab02b83c4dd64019e63
-Head: ca0a6bc4c5c53aa6c4a735c36336408a06b8cd89
+Previous: d9c9f06fc82cd16d6b734513c4f0d533b3fdf2cf
+Head: f159288e81a5a769e1274527d307f82bd918d8e5
Applied:
-Unapplied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
+Unapplied:
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d9c9f06fc82cd16d6b734513c4f0d533b3fdf2cf
commit d9c9f06fc82cd16d6b734513c4f0d533b3fdf2cf
Merge: 23e8267 b1b6abe ca0a6bc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:16 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=23e8267e7b64076cbdd271376d0e446282ec7848
commit 23e8267e7b64076cbdd271376d0e446282ec7848
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:07:16 2013 -0300
pop
diff --git a/meta b/meta
index d7dffb5..8ae9a1b 100644
--- a/meta
+++ b/meta
@@ -1,7 +1,8 @@
Version: 1
-Previous: b42c03a8ec5f571a7dcc0d8a373e9a46ef1b2844
-Head: f79b9fc6a64c2160e49b66d3ffd8beff25d0317b
+Previous: b1b6abe1cfb871cadb695ab02b83c4dd64019e63
+Head: ca0a6bc4c5c53aa6c4a735c36336408a06b8cd89
Applied:
+Unapplied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
@@ -15,7 +16,6 @@ Applied:
manual-document-mt-safety-errno.patch: 6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
manual-document-mt-safety-filesys.patch: 9ae778a025f0908ba789a9e0cf5065ab0d53628a
manual-document-mt-safety-getopt.patch: f79b9fc6a64c2160e49b66d3ffd8beff25d0317b
-Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b1b6abe1cfb871cadb695ab02b83c4dd64019e63
commit b1b6abe1cfb871cadb695ab02b83c4dd64019e63
Merge: ef9c434 b42c03a f79b9fc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:37 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ef9c434101aae96d5d6e90f58ceb5d101c33d4c9
commit ef9c434101aae96d5d6e90f58ceb5d101c33d4c9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:37 2013 -0300
import
diff --git a/meta b/meta
index b6649b9..d7dffb5 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: ceb20a507e59205b8f5c6c2fa25d16b76a422c4e
-Head: 9ae778a025f0908ba789a9e0cf5065ab0d53628a
+Previous: b42c03a8ec5f571a7dcc0d8a373e9a46ef1b2844
+Head: f79b9fc6a64c2160e49b66d3ffd8beff25d0317b
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -14,6 +14,7 @@ Applied:
manual-document-mt-safety-debug.patch: c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
manual-document-mt-safety-errno.patch: 6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
manual-document-mt-safety-filesys.patch: 9ae778a025f0908ba789a9e0cf5065ab0d53628a
+ manual-document-mt-safety-getopt.patch: f79b9fc6a64c2160e49b66d3ffd8beff25d0317b
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/manual-document-mt-safety-getopt.patch b/patches/manual-document-mt-safety-getopt.patch
new file mode 100644
index 0000000..d1ce979
--- /dev/null
+++ b/patches/manual-document-mt-safety-getopt.patch
@@ -0,0 +1,68 @@
+Bottom: c99f368a71f19ba8429c3534e1b674f3a20de73e
+Top: eaf7ea9f21df96f6e1ba6d92a8b44a2546e980f4
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:06:36 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/getopt.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/getopt.texi b/manual/getopt.texi
+index f0b7283..3c1f4de 100644
+--- a/manual/getopt.texi
++++ b/manual/getopt.texi
+@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
+ @comment unistd.h
+ @comment POSIX.2
+ @deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
++@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
++@c It may swap argv elements but argv is not guarded, and the
++@c modifications may be partial in case of cancellation. Calling getenv
++@c also brings about thread-safety issues out of access and returning
++@c pointers into the globally shared environment array, just like
++@c calling gettext brings about a whole lot of AS and AC safety issues.
++@c The getopt API involves returning values in the non-thread-specific
++@c optarg variable, which adds another thread-safety issue. Given
++@c print_errors, it may output errors to stderr, which may
++@c self-deadlock, leak locks, or encounter (in a signal handler) or
++@c leave (in case of cancellation) stderr in an inconsistent state.
++@c Various implicit, indirect uses of malloc, in uses of memstream and
++@c asprintf for error-printing, bring about the usual malloc issues.
++@c (The explicit use of malloc in a conditional situation in
++@c _getopt_initialize is never exercised in glibc.)
++@c
++@c _getopt_internal
++@c _getopt_internal_r
++@c gettext
++@c _getopt_initialize
++@c getenv
++@c malloc if USE_NONOPTION_FLAGS, never defined in libc
++@c open_memstream
++@c lockfile, unlockfile, __fxprintf -> stderr
++@c asprintf
+ The @code{getopt} function gets the next option argument from the
+ argument list specified by the @var{argv} and @var{argc} arguments.
+ Normally these values come directly from the arguments received by
+@@ -225,6 +250,8 @@ was seen.
+ @comment getopt.h
+ @comment GNU
+ @deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
++@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
++@c Same issues as getopt.
+ Decode options from the vector @var{argv} (whose length is @var{argc}).
+ The argument @var{shortopts} describes the short options to accept, just as
+ it does in @code{getopt}. The argument @var{longopts} describes the long
+@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
+ @comment getopt.h
+ @comment GNU
+ @deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
++@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
++@c Same issues as getopt.
+
+ The @code{getopt_long_only} function is equivalent to the
+ @code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f79b9fc6a64c2160e49b66d3ffd8beff25d0317b
commit f79b9fc6a64c2160e49b66d3ffd8beff25d0317b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:36 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/getopt.texi: Document thread safety properties.
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b42c03a8ec5f571a7dcc0d8a373e9a46ef1b2844
commit b42c03a8ec5f571a7dcc0d8a373e9a46ef1b2844
Merge: 719c006 ceb20a5 9ae778a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=719c00675114f4846a42b628cbabc290a7cb1edc
commit 719c00675114f4846a42b628cbabc290a7cb1edc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
import
diff --git a/meta b/meta
index 7992004..b6649b9 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 99ddb1a0214122ee3ce2d4a4292978e1e00442a4
-Head: 6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
+Previous: ceb20a507e59205b8f5c6c2fa25d16b76a422c4e
+Head: 9ae778a025f0908ba789a9e0cf5065ab0d53628a
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -13,6 +13,7 @@ Applied:
manual-document-mt-safety-ctype.patch: d3739e943bb05d4edb6ca163f33c2cda30ada1f6
manual-document-mt-safety-debug.patch: c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
manual-document-mt-safety-errno.patch: 6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
+ manual-document-mt-safety-filesys.patch: 9ae778a025f0908ba789a9e0cf5065ab0d53628a
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/manual-document-mt-safety-filesys.patch b/patches/manual-document-mt-safety-filesys.patch
new file mode 100644
index 0000000..5f9b89d
--- /dev/null
+++ b/patches/manual-document-mt-safety-filesys.patch
@@ -0,0 +1,789 @@
+Bottom: e0c86b7119156c45d45fc7b8853dfb0c950448cb
+Top: c99f368a71f19ba8429c3534e1b674f3a20de73e
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:06:03 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/filesys.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/filesys.texi b/manual/filesys.texi
+index 1df9cf2..2244025 100644
+--- a/manual/filesys.texi
++++ b/manual/filesys.texi
+@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c If buffer is NULL, this function calls malloc and realloc, and, in
++@c case of error, free. Linux offers a getcwd syscall that we use on
++@c GNU/Linux systems, but it may fail if the pathname is too long. As a
++@c fallback, and on other systems, the generic implementation opens each
++@c parent directory with opendir, which allocates memory for the
++@c directory stream with malloc. If a fstatat64 syscall is not
++@c available, very deep directory trees may also have to malloc to build
++@c longer sequences of ../../../... than those supported by a global
++@c const read-only string.
++
++@c linux/__getcwd
++@c posix/__getcwd
++@c malloc/realloc/free if buffer is NULL, or if dir is too deep
++@c lstat64 -> see its own entry
++@c fstatat64
++@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
++@c openat64_not_cancel_3, close_not_cancel_no_status
++@c __fdopendir, __opendir, __readdir, rewinddir
+ The @code{getcwd} function returns an absolute file name representing
+ the current working directory, storing it in the character array
+ @var{buffer} that you provide. The @var{size} argument is how you tell
+@@ -116,6 +135,9 @@ software.
+ @comment unistd.h
+ @comment BSD
+ @deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
++@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
++@c Besides the getcwd safety issues, it calls strerror_r on error, which
++@c brings in all of the i18n issues.
+ This is similar to @code{getcwd}, but has no way to specify the size of
+ the buffer. @Theglibc{} provides @code{getwd} only
+ for backwards compatibility with BSD.
+@@ -130,6 +152,9 @@ this function is deprecated.
+ @comment unistd.h
+ @comment GNU
+ @deftypefun {char *} get_current_dir_name (void)
++@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Besides getcwd, which this function calls as a fallback, it calls
++@c getenv, with the usual thread-safety issues that brings about.
+ @vindex PWD
+ This @code{get_current_dir_name} function is basically equivalent to
+ @w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
+@@ -145,6 +170,7 @@ This function is a GNU extension.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int chdir (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is used to set the process's working directory to
+ @var{filename}.
+
+@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
+ @comment unistd.h
+ @comment XPG
+ @deftypefun int fchdir (int @var{filedes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is used to set the process's working directory to
+ directory associated with the file descriptor @var{filedes}.
+
+@@ -294,12 +321,14 @@ values and @code{st_mode} values:
+ @comment dirent.h
+ @comment BSD
+ @deftypefun int IFTODT (mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This returns the @code{d_type} value corresponding to @var{mode}.
+ @end deftypefun
+
+ @comment dirent.h
+ @comment BSD
+ @deftypefun mode_t DTTOIF (int @var{dtype})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This returns the @code{st_mode} value corresponding to @var{dtype}.
+ @end deftypefun
+ @end table
+@@ -342,6 +371,9 @@ the following functions.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun {DIR *} opendir (const char *@var{dirname})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Besides the safe syscall, we have to allocate the DIR object with
++@c __alloc_dir, that calls malloc.
+ The @code{opendir} function opens and returns a directory stream for
+ reading the directory whose file name is @var{dirname}. The stream has
+ type @code{DIR *}.
+@@ -381,6 +413,8 @@ alternative interface can be used.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun {DIR *} fdopendir (int @var{fd})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c The DIR object is allocated with __alloc_dir, that calls malloc.
+ The @code{fdopendir} function works just like @code{opendir} but
+ instead of taking a file name and opening a file descriptor for the
+ directory the caller is required to provide a file descriptor. This
+@@ -425,6 +459,7 @@ access.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int dirfd (DIR *@var{dirstream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The function @code{dirfd} returns the file descriptor associated with
+ the directory stream @var{dirstream}. This descriptor can be used until
+ the directory is closed with @code{closedir}. If the directory stream
+@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
++@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
++@c This function holds dirstream's non-recursive lock, which brings
++@c about the usual issues with locks and async signals and cancellation,
++@c but the lock taking is not enough to make the returned value safe to
++@c use, since it points to a stream's internal buffer that can be
++@c overwritten by subsequent calls or even released by closedir.
+ This function reads the next entry from the directory. It normally
+ returns a pointer to a structure containing information about the file.
+ This structure is statically allocated and can be rewritten by a
+@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ This function is the reentrant version of @code{readdir}. Like
+ @code{readdir} it returns the next entry from the directory. But to
+ prevent conflicts between simultaneously running threads the result is
+@@ -516,6 +558,7 @@ of the last two functions.
+ @comment dirent.h
+ @comment LFS
+ @deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
++@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{readdir64} function is just like the @code{readdir} function
+ except that it returns a pointer to a record of type @code{struct
+ dirent64}. Some of the members of this data type (notably @code{d_ino})
+@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
+ @comment dirent.h
+ @comment LFS
+ @deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{readdir64_r} function is equivalent to the @code{readdir_r}
+ function except that it takes parameters of base type @code{struct
+ dirent64} instead of @code{struct dirent} in the second and third
+@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun int closedir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
++@c No synchronization in the posix implementation, only in the hurd
++@c one. This is regarded as safe because it is undefined behavior if
++@c other threads could still be using the dir stream while it's closed.
+ This function closes the directory stream @var{dirstream}. It returns
+ @code{0} on success and @code{-1} on failure.
+
+@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun void rewinddir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{rewinddir} function is used to reinitialize the directory
+ stream @var{dirstream}, so that if you call @code{readdir} it
+ returns information about the first entry in the directory again. This
+@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
+ @comment dirent.h
+ @comment BSD
+ @deftypefun {long int} telldir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
++@c The implementation is safe on most platforms, but on BSD it uses
++@c cookies, buckets and records, and the global array of pointers to
++@c dynamically allocated records is guarded by a non-recursive lock.
+ The @code{telldir} function returns the file position of the directory
+ stream @var{dirstream}. You can use this value with @code{seekdir} to
+ restore the directory stream to that position.
+@@ -597,6 +650,10 @@ restore the directory stream to that position.
+ @comment dirent.h
+ @comment BSD
+ @deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
++@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
++@c The implementation is safe on most platforms, but on BSD it uses
++@c cookies, buckets and records, and the global array of pointers to
++@c dynamically allocated records is guarded by a non-recursive lock.
+ The @code{seekdir} function sets the file position of the directory
+ stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
+ result of a previous call to @code{telldir} on this particular stream;
+@@ -616,6 +673,19 @@ the result.
+ @comment dirent.h
+ @comment BSD/SVID
+ @deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
++@c The scandir function calls __opendirat, __readdir, and __closedir to
++@c go over the named dir; malloc and realloc to allocate the namelist
++@c and copies of each selected dirent, besides the selector, if given,
++@c and qsort and the cmp functions if the latter is given. In spite of
++@c the cleanup handler that releases memory and the file descriptor in
++@c case of synchronous cancellation, an asynchronous cancellation may
++@c still leak memory and a file descriptor. Although readdir is unsafe
++@c in general, the use of an internal dir stream for sequential scanning
++@c of the directory with copying of dirents before subsequent calls
++@c makes the use safe, and the fact that the dir stream is private to
++@c each scandir call does away with the lock issues in readdir and
++@c closedir.
+
+ The @code{scandir} function scans the contents of the directory selected
+ by @var{dir}. The result in *@var{namelist} is an array of pointers to
+@@ -646,6 +716,8 @@ are very helpful for this purpose.
+ @comment dirent.h
+ @comment BSD/SVID
+ @deftypefun int alphasort (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@c Calls strcoll.
+ The @code{alphasort} function behaves like the @code{strcoll} function
+ (@pxref{String/Array Comparison}). The difference is that the arguments
+ are not string pointers but instead they are of type
+@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int versionsort (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@c Calls strverscmp.
+ The @code{versionsort} function is like @code{alphasort} except that it
+ uses the @code{strverscmp} function internally.
+ @end deftypefun
+@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
++@c See scandir.
+ The @code{scandir64} function works like the @code{scandir} function
+ except that the directory entries it returns are described by elements
+ of type @w{@code{struct dirent64}}. The function pointed to by
+@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@c See alphasort.
+ The @code{alphasort64} function behaves like the @code{strcoll} function
+ (@pxref{String/Array Comparison}). The difference is that the arguments
+ are not string pointers but instead they are of type
+@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@c See versionsort.
+ The @code{versionsort64} function is like @code{alphasort64}, excepted that it
+ uses the @code{strverscmp} function internally.
+ @end deftypefun
+@@ -880,6 +960,8 @@ file was passed).
+ @comment ftw.h
+ @comment SVID
+ @deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
++@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
++@c see nftw for safety details
+ The @code{ftw} function calls the callback function given in the
+ parameter @var{func} for every item which is found in the directory
+ specified by @var{filename} and all directories below. The function
+@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
+ @comment ftw.h
+ @comment Unix98
+ @deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
++@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+ This function is similar to @code{ftw} but it can work on filesystems
+ with large files. File information is reported using a variable of type
+ @code{struct stat64} which is passed by reference to the callback
+@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
+ @comment ftw.h
+ @comment XPG4.2
+ @deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
++@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
++@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
++@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
++@c if FTW_CHDIR, also calls fchdir
++@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
++@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
++@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
++@c find_object (tsearch) and add_object (tfind).
++@c Since each invocation of *ftw uses its own private search tree, none
++@c of the search tree concurrency issues apply.
+ The @code{nftw} function works like the @code{ftw} functions. They call
+ the callback function @var{func} for all items found in the directory
+ @var{filename} and below. At most @var{descriptors} file descriptors
+@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
+ @comment ftw.h
+ @comment Unix98
+ @deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
++@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+ This function is similar to @code{nftw} but it can work on filesystems
+ with large files. File information is reported using a variable of type
+ @code{struct stat64} which is passed by reference to the callback
+@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int link (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{link} function makes a new link to the existing file named by
+ @var{oldname}, under the new name @var{newname}.
+
+@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{symlink} function makes a symbolic link to @var{oldname} named
+ @var{newname}.
+
+@@ -1190,6 +1287,7 @@ exceeded.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{readlink} function gets the value of the symbolic link
+ @var{filename}. The file name that the link points to is copied into
+ @var{buffer}. This file name string is @emph{not} null-terminated;
+@@ -1249,6 +1347,8 @@ names can refer to the same inode.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun {char *} canonicalize_file_name (const char *@var{name})
++@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Calls realpath.
+
+ The @code{canonicalize_file_name} function returns the absolute name of
+ the file named by @var{name} which contains no @code{.}, @code{..}
+@@ -1290,6 +1390,8 @@ where the result is placed in.
+ @comment stdlib.h
+ @comment XPG
+ @deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
++@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
+
+ A call to @code{realpath} where the @var{resolved} parameter is
+ @code{NULL} behaves exactly like @code{canonicalize_file_name}. The
+@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int unlink (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{unlink} function deletes the file name @var{filename}. If
+ this is a file's sole name, the file itself is also deleted. (Actually,
+ if any process has the file open when this happens, deletion is
+@@ -1371,6 +1474,7 @@ file system and can't be modified.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int rmdir (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ @cindex directories, deleting
+ @cindex deleting a directory
+ The @code{rmdir} function deletes a directory. The directory must be
+@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int remove (const char *@var{filename})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Calls unlink and rmdir.
+ This is the @w{ISO C} function to remove a file. It works like
+ @code{unlink} for files and like @code{rmdir} for directories.
+ @code{remove} is declared in @file{stdio.h}.
+@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a rename syscall, there's an emulation with link
++@c and unlink, but it's racy, even more so if newname exists and is
++@c unlinked first.
+ The @code{rename} function renames the file @var{oldname} to
+ @var{newname}. The file formerly accessible under the name
+ @var{oldname} is afterwards accessible as @var{newname} instead. (If
+@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{mkdir} function creates a new, empty directory with name
+ @var{filename}.
+
+@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{stat} function returns information about the attributes of the
+ file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
+
+@@ -1875,6 +1987,7 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{stat} but it is also able to work on
+ files larger then @math{2^31} bytes on 32-bit systems. To be able to do
+ this the result is stored in a variable of type @code{struct stat64} to
+@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fstat} function is like @code{stat}, except that it takes an
+ open file descriptor as an argument instead of a file name.
+ @xref{Low-Level I/O}.
+@@ -1909,6 +2023,7 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{fstat} but is able to work on large
+ files on 32-bit platforms. For large files the file descriptor
+ @var{filedes} should be obtained by @code{open64} or @code{creat64}.
+@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
+ replaces the interface for small files on 32-bit machines.
+ @end deftypefun
+
++@c fstatat will call alloca and snprintf if the syscall is not
++@c available.
++@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct system call through lxstat, sometimes with an xstat conv call
++@c afterwards.
+ The @code{lstat} function is like @code{stat}, except that it does not
+ follow symbolic links. If @var{filename} is the name of a symbolic
+ link, @code{lstat} returns information about the link itself; otherwise
+@@ -1936,6 +2058,9 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct system call through lxstat64, sometimes with an xstat conv
++@c call afterwards.
+ This function is similar to @code{lstat} but it is also able to work on
+ files larger then @math{2^31} bytes on 32-bit systems. To be able to do
+ this the result is stored in a variable of type @code{struct stat64} to
+@@ -1974,12 +2099,14 @@ that file:
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISDIR (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a directory.
+ @end deftypefn
+
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISCHR (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a character special file (a
+ device like a terminal).
+ @end deftypefn
+@@ -1987,6 +2114,7 @@ device like a terminal).
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISBLK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a block special file (a device
+ like a disk).
+ @end deftypefn
+@@ -1994,12 +2122,14 @@ like a disk).
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISREG (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a regular file.
+ @end deftypefn
+
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISFIFO (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a FIFO special file, or a
+ pipe. @xref{Pipes and FIFOs}.
+ @end deftypefn
+@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefn Macro int S_ISLNK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a symbolic link.
+ @xref{Symbolic Links}.
+ @end deftypefn
+@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefn Macro int S_ISSOCK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a socket. @xref{Sockets}.
+ @end deftypefn
+
+@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX message queues as distinct objects and the
+ file is a message queue object, this macro returns a non-zero value.
+ In all other cases the result is zero.
+@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX semaphores as distinct objects and the
+ file is a semaphore object, this macro returns a non-zero value.
+ In all other cases the result is zero.
+@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX shared memory objects as distinct objects
+ and the file is an shared memory object, this macro returns a non-zero
+ value. In all other cases the result is zero.
+@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{chown} function changes the owner of the file @var{filename} to
+ @var{owner}, and its group owner to @var{group}.
+
+@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is like @code{chown}, except that it changes the owner of the open
+ file with descriptor @var{filedes}.
+
+@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun mode_t umask (mode_t @var{mask})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{umask} function sets the file creation mask of the current
+ process to @var{mask}, and returns the previous value of the file
+ creation mask.
+@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefun mode_t getumask (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Return the current value of the file creation mask for the current
+ process. This function is a GNU extension and is only available on
+ @gnuhurdsystems{}.
+@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{chmod} function sets the access permission bits for the file
+ named by @var{filename} to @var{mode}.
+
+@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is like @code{chmod}, except that it changes the permissions of the
+ currently open file given by @var{filedes}.
+
+@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int access (const char *@var{filename}, int @var{how})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{access} function checks to see whether the file named by
+ @var{filename} can be accessed in the way specified by the @var{how}
+ argument. The @var{how} argument either can be the bitwise OR of the
+@@ -2732,6 +2874,9 @@ This is the modification time for the file.
+ @comment utime.h
+ @comment POSIX.1
+ @deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a utime syscall, it non-atomically converts times
++@c to a struct timeval and calls utimes.
+ This function is used to modify the file times associated with the file
+ named @var{filename}.
+
+@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a utimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall, or to
++@c struct utimbuf and calls utime.
+ This function sets the file access and modification times of the file
+ @var{filename}. The new file access time is specified by
+ @code{@var{tvp}[0]}, and the new modification time by
+@@ -2797,6 +2946,9 @@ function.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Since there's no lutimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall.
+ This function is like @code{utimes}, except that it does not follow
+ symbolic links. If @var{filename} is the name of a symbolic link,
+ @code{lutimes} sets the file access and modification times of the
+@@ -2813,6 +2965,10 @@ function.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Since there's no futimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall, falling back
++@c to utimes on a /proc/self/fd symlink.
+ This function is like @code{utimes}, except that it takes an open file
+ descriptor as an argument instead of a file name. @xref{Low-Level
+ I/O}. This function comes from FreeBSD, and is not available on all
+@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
+ @comment unistd.h
+ @comment X/Open
+ @deftypefun int truncate (const char *@var{filename}, off_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a truncate syscall, we use open and ftruncate.
+
+ The @code{truncate} function changes the size of @var{filename} to
+ @var{length}. If @var{length} is shorter than the previous length, data
+@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a syscall, try truncate if length fits.
+ This function is similar to the @code{truncate} function. The
+ difference is that the @var{length} argument is 64 bits wide even on 32
+ bits machines, which allows the handling of files with sizes up to
+@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
+ @comment unistd.h
+ @comment POSIX
+ @deftypefun int ftruncate (int @var{fd}, off_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ This is like @code{truncate}, but it works on a file descriptor @var{fd}
+ for an opened file instead of a file name to identify the object. The
+@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a syscall, try ftruncate if length fits.
+ This function is similar to the @code{ftruncate} function. The
+ difference is that the @var{length} argument is 64 bits wide even on 32
+ bits machines which allows the handling of files with sizes up to
+@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Instead of issuing the syscall directly, we go through xmknod.
++@c Although the internal xmknod takes a dev_t*, that could lead to
++@c xguargs races, it's passed a pointer to mknod's dev.
+ The @code{mknod} function makes a special file with name @var{filename}.
+ The @var{mode} specifies the mode of the file, and may include the various
+ special file bits, such as @code{S_IFCHR} (for a character special file)
+@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {FILE *} tmpfile (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
++@c The unsafety issues are those of fdopen, plus fdleak because of the
++@c open.
++@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
++@c libc_secure_genenv only if try_tmpdir
++@c xstat64, strlen, strcmp, sprintf
++@c __gen_tempname (internal tmpl, __GT_FILE) ok
++@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
++@c HP_TIMING_NOW if available ok
++@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
++@c static value is used and modified without synchronization ok
++@c but the use is as a source of non-cryptographic randomness
++@c with retries in case of collision, so it should be safe
++@c unlink, fdopen
+ This function creates a temporary binary file for update mode, as if by
+ calling @code{fopen} with mode @code{"wb+"}. The file is deleted
+ automatically when it is closed or when the program terminates. (On
+@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun {FILE *} tmpfile64 (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+ This function is similar to @code{tmpfile}, but the stream it returns a
+ pointer to was opened using @code{tmpfile64}. Therefore this stream can
+ be used for files larger then @math{2^31} bytes on 32-bit machines.
+@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {char *} tmpnam (char *@var{result})
++@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
++@c The passed-in buffer should not be modified concurrently with the
++@c call.
++@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
++@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+ This function constructs and returns a valid file name that does not
+ refer to any existing file. If the @var{result} argument is a null
+ pointer, the return value is a pointer to an internal static string,
+@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {char *} tmpnam_r (char *@var{result})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+ This function is nearly identical to the @code{tmpnam} function, except
+ that if @var{result} is a null pointer it returns a null pointer.
+
+@@ -3192,6 +3380,13 @@ never less than @code{25}.
+ @comment stdio.h
+ @comment SVID
+ @deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
++@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
++@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
++@c even with a non-NULL dir, which makes this thread-unsafe.
++@c
++@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
++@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
++@c strdup
+ This function generates a unique temporary file name. If @var{prefix}
+ is not a null pointer, up to five characters of this string are used as
+ a prefix for the file name. The return value is a string newly
+@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
+ @comment stdlib.h
+ @comment Unix
+ @deftypefun {char *} mktemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
++@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
+ The @code{mktemp} function generates a unique file name by modifying
+ @var{template} as described above. If successful, it returns
+ @var{template} as modified. If @code{mktemp} cannot find a unique file
+@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
+ @comment stdlib.h
+ @comment BSD
+ @deftypefun int mkstemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
++@c __gen_tempname (caller tmpl, __GT_FILE) ok
+ The @code{mkstemp} function generates a unique file name just as
+ @code{mktemp} does, but it also opens the file for you with @code{open}
+ (@pxref{Opening and Closing Files}). If successful, it modifies
+@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
+ @comment stdlib.h
+ @comment BSD
+ @deftypefun {char *} mkdtemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
++@c __gen_tempname (caller tmpl, __GT_DIR) ok
+ The @code{mkdtemp} function creates a directory with a unique name. If
+ it succeeds, it overwrites @var{template} with the name of the
+ directory, and returns @var{template}. As with @code{mktemp} and
+@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
+ @xref{Creating Directories}.
+
+ The @code{mkdtemp} function comes from OpenBSD.
++
++@c FIXME these are undocumented:
++@c faccessat
++@c fchmodat
++@c fchownat
++@c futimesat
++@c fstatat
++@c linkat
++@c mkdirat
++@c mkfifoat
++@c name_to_handle_at
++@c openat
++@c open_by_handle_at
++@c readlinkat
++@c renameat
++@c scandirat
++@c symlinkat
++@c unlinkat
++@c utimensat
++@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9ae778a025f0908ba789a9e0cf5065ab0d53628a
commit 9ae778a025f0908ba789a9e0cf5065ab0d53628a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:06:03 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/filesys.texi: Document thread safety properties.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..2244025 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ceb20a507e59205b8f5c6c2fa25d16b76a422c4e
commit ceb20a507e59205b8f5c6c2fa25d16b76a422c4e
Merge: 062c00c 99ddb1a 6c7e1ff
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:34 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=062c00c3e50ab93e97a8ed26286888206052e6ed
commit 062c00c3e50ab93e97a8ed26286888206052e6ed
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:34 2013 -0300
import
diff --git a/meta b/meta
index 0437233..7992004 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 4d8b595aa808366628a3d60761726294a8eb41f7
-Head: c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
+Previous: 99ddb1a0214122ee3ce2d4a4292978e1e00442a4
+Head: 6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -12,6 +12,7 @@ Applied:
manual-document-mt-safety-crypt.patch: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
manual-document-mt-safety-ctype.patch: d3739e943bb05d4edb6ca163f33c2cda30ada1f6
manual-document-mt-safety-debug.patch: c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
+ manual-document-mt-safety-errno.patch: 6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/manual-document-mt-safety-errno.patch b/patches/manual-document-mt-safety-errno.patch
new file mode 100644
index 0000000..75e4099
--- /dev/null
+++ b/patches/manual-document-mt-safety-errno.patch
@@ -0,0 +1,152 @@
+Bottom: d9693aa296c06ebe3fdaa8817d28a446b893fe25
+Top: e0c86b7119156c45d45fc7b8853dfb0c950448cb
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:05:34 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/errno.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/errno.texi b/manual/errno.texi
+index 6c9fa86..eb3f412 100644
+--- a/manual/errno.texi
++++ b/manual/errno.texi
+@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
+ @comment string.h
+ @comment ISO
+ @deftypefun {char *} strerror (int @var{errnum})
++@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
++@c Calls strerror_r with a static buffer allocated with malloc on the
++@c first use.
+ The @code{strerror} function maps the error code (@pxref{Checking for
+ Errors}) specified by the @var{errnum} argument to a descriptive error
+ message string. The return value is a pointer to this string.
+@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
+ @comment string.h
+ @comment GNU
+ @deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
++@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
+ The @code{strerror_r} function works like @code{strerror} but instead of
+ returning the error message in a statically allocated buffer shared by
+ all threads in the process, it returns a private copy for the
+@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
+ @comment stdio.h
+ @comment ISO
+ @deftypefun void perror (const char *@var{message})
++@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
++@c Besides strerror_r's and some of fprintf's issues, if stderr is not
++@c oriented yet, create a new stream with a dup of stderr's fd and write
++@c to that instead of stderr, to avoid orienting it.
+ This function prints an error message to the stream @code{stderr};
+ see @ref{Standard Streams}. The orientation of @code{stderr} is not
+ changed.
+@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
+ @comment error.h
+ @comment GNU
+ @deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
++@c Cancellation is disabled throught the execution. It flushes stdout
++@c and then holds a lock on stderr while printing the program name and
++@c then running error_tail. The non-wide case just runs vfprintf; the
++@c wide case converts the message to an alloca/malloc-allocated buffer
++@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
++@c print_errno_message calls strerror_r and fxprintf.
+ The @code{error} function can be used to report general problems during
+ program execution. The @var{format} argument is a format string just
+ like those given to the @code{printf} family of functions. The
+@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
+ @comment error.h
+ @comment GNU
+ @deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
++@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
++@c The error_one_per_line variable is accessed (without any form of
++@c synchronization, but since it's an int used once, it should be safe
++@c enough) and, if this mode is enabled, static variables used to hold
++@c the last printed file name and line number are accessed and modified
++@c without synchronization; the update is not atomic and it occurs
++@c before disabling cancellation, so it can be interrupted after only
++@c one of the two variables is modified. After that, it's very much
++@c like error.
+
+ The @code{error_at_line} function is very similar to the @code{error}
+ function. The only difference are the additional parameters @var{fname}
+@@ -1582,6 +1606,8 @@ are included only for compatibility.
+ @comment err.h
+ @comment BSD
+ @deftypefun void warn (const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
++@c Just calls vwarn with the va_list.
+ The @code{warn} function is roughly equivalent to a call like
+ @smallexample
+ error (0, errno, format, @r{the parameters})
+@@ -1594,6 +1620,11 @@ are not used.
+ @comment err.h
+ @comment BSD
+ @deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
++@c While holding stderr's recursive lock, it prints the programname, the
++@c given message, and the error string with fw?printf's %m. When the
++@c stream is wide, convert_and_print converts the format string to an
++@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
+ The @code{vwarn} function is just like @code{warn} except that the
+ parameters for the handling of the format string @var{format} are passed
+ in as an value of type @code{va_list}.
+@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
+ @comment err.h
+ @comment BSD
+ @deftypefun void warnx (const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
++@c Same as warn, but without the strerror translation issues.
+ The @code{warnx} function is roughly equivalent to a call like
+ @smallexample
+ error (0, 0, format, @r{the parameters})
+@@ -1615,6 +1648,8 @@ string is printed.
+ @comment err.h
+ @comment BSD
+ @deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
++@c Same as vwarn, but without the strerror translation issues.
+ The @code{vwarnx} function is just like @code{warnx} except that the
+ parameters for the handling of the format string @var{format} are passed
+ in as an value of type @code{va_list}.
+@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
+ @comment err.h
+ @comment BSD
+ @deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
++@c Same as warn followed by exit.
+ The @code{err} function is roughly equivalent to a call like
+ @smallexample
+ error (status, errno, format, @r{the parameters})
+@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
+ @comment err.h
+ @comment BSD
+ @deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
++@c Same as vwarn followed by exit.
+ The @code{verr} function is just like @code{err} except that the
+ parameters for the handling of the format string @var{format} are passed
+ in as an value of type @code{va_list}.
+@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
+ @comment err.h
+ @comment BSD
+ @deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
++@c Same as warnx followed by exit.
+ The @code{errx} function is roughly equivalent to a call like
+ @smallexample
+ error (status, 0, format, @r{the parameters})
+@@ -1657,6 +1698,8 @@ string is printed.
+ @comment err.h
+ @comment BSD
+ @deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
++@c Same as vwarnx followed by exit.
+ The @code{verrx} function is just like @code{errx} except that the
+ parameters for the handling of the format string @var{format} are passed
+ in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
commit 6c7e1ffb65b6f160f2a901a4d7fb52654cee4521
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:34 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/errno.texi: Document thread safety properties.
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=99ddb1a0214122ee3ce2d4a4292978e1e00442a4
commit 99ddb1a0214122ee3ce2d4a4292978e1e00442a4
Merge: 91130e4 c7ee4c2 4d8b595
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:12 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=91130e4b59ea170e3c28c543b5f83380c1998e6b
commit 91130e4b59ea170e3c28c543b5f83380c1998e6b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:12 2013 -0300
import
diff --git a/meta b/meta
index 35b24f1..0437233 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 4d47d98038a63156be7d3a6588f4892f3f44b0b3
-Head: d3739e943bb05d4edb6ca163f33c2cda30ada1f6
+Previous: 4d8b595aa808366628a3d60761726294a8eb41f7
+Head: c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -11,6 +11,7 @@ Applied:
manual-document-mt-safety-conf.patch: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
manual-document-mt-safety-crypt.patch: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
manual-document-mt-safety-ctype.patch: d3739e943bb05d4edb6ca163f33c2cda30ada1f6
+ manual-document-mt-safety-debug.patch: c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/manual-document-mt-safety-debug.patch b/patches/manual-document-mt-safety-debug.patch
new file mode 100644
index 0000000..c31f434
--- /dev/null
+++ b/patches/manual-document-mt-safety-debug.patch
@@ -0,0 +1,57 @@
+Bottom: ef2aa24039042b2529772d0209797c599eb01fbe
+Top: d9693aa296c06ebe3fdaa8817d28a446b893fe25
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:05:11 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/debug.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/debug.texi b/manual/debug.texi
+index 1db9c18..ce0c263 100644
+--- a/manual/debug.texi
++++ b/manual/debug.texi
+@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
+ @comment execinfo.h
+ @comment GNU
+ @deftypefun int backtrace (void **@var{buffer}, int @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Pointer chasing within the local stack.
+ The @code{backtrace} function obtains a backtrace for the current
+ thread, as a list of pointers, and places the information into
+ @var{buffer}. The argument @var{size} should be the number of
+@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
+ @comment execinfo.h
+ @comment GNU
+ @deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
++@c Collects info returned by _dl_addr in auto array, allocates memory
++@c for the whole return buffer with malloc then sprintfs into it storing
++@c pointers to the strings into the array entries in the buffer.
++@c _dl_addr takes the recursive dl_load_lock then calls
++@c _dl_find_dso_for_object and determine_info.
++@c _dl_find_dso_for_object calls _dl-addr_inside_object.
++@c All of them are safe as long as the lock is held.
++@c asynconsist? It doesn't looke like the dynamic loader's data
++@c structures could be in an inconsistent state that would cause
++@c malfunction here.
+ The @code{backtrace_symbols} function translates the information
+ obtained from the @code{backtrace} function into an array of strings.
+ The argument @var{buffer} should be a pointer to an array of addresses
+@@ -88,6 +101,11 @@ cannot be obtained.
+ @comment execinfo.h
+ @comment GNU
+ @deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
++@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
++@c Single loop of _dl_addr over addresses, collecting info into an iovec
++@c written out with a writev call per iteration. Addresses and offsets
++@c are converted to hex in auto buffers, so the only potential issue
++@c here is leaking the dl lock in case of cancellation.
+ The @code{backtrace_symbols_fd} function performs the same translation
+ as the function @code{backtrace_symbols} function. Instead of returning
+ the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
commit c7ee4c2aa47d7a32e68a01dd01e4087485df8ccf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:05:11 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/debug.texi: Document thread safety properties.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4d8b595aa808366628a3d60761726294a8eb41f7
commit 4d8b595aa808366628a3d60761726294a8eb41f7
Merge: ee90b6e d3739e9 4d47d98
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:04:17 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ee90b6e96ffad2c5dabebb2f6bc96e69ba9a2757
commit ee90b6e96ffad2c5dabebb2f6bc96e69ba9a2757
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:04:17 2013 -0300
float
diff --git a/meta b/meta
index e27c22f..35b24f1 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: d24ed54af95494d6d45a3d2d0b4906c72e9a89d8
-Head: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
+Previous: 4d47d98038a63156be7d3a6588f4892f3f44b0b3
+Head: d3739e943bb05d4edb6ca163f33c2cda30ada1f6
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,10 +10,10 @@ Applied:
manual-document-mt-safety-charset.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
manual-document-mt-safety-conf.patch: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
manual-document-mt-safety-crypt.patch: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
+ manual-document-mt-safety-ctype.patch: d3739e943bb05d4edb6ca163f33c2cda30ada1f6
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index a9588e2..f682ded 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: 493d959bda4db41836ea91b2b9685b47ab733575
-Top: a80e3502e79676408b83a0ee8d2c01161f2e1895
+Bottom: 9879c04c4ffa34225360a9359ba3d098a05a208c
+Top: ef2aa24039042b2529772d0209797c599eb01fbe
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d3739e943bb05d4edb6ca163f33c2cda30ada1f6
commit d3739e943bb05d4edb6ca163f33c2cda30ada1f6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4d47d98038a63156be7d3a6588f4892f3f44b0b3
commit 4d47d98038a63156be7d3a6588f4892f3f44b0b3
Merge: 22819d7 d24ed54
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:04:01 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=22819d712565b64a19a9bb66b1150b60bab262fc
commit 22819d712565b64a19a9bb66b1150b60bab262fc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:04:01 2013 -0300
rename
diff --git a/meta b/meta
index 7db2e07..e27c22f 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: cbeec520ddf7025ba680c736e39b76887de956c0
+Previous: d24ed54af95494d6d45a3d2d0b4906c72e9a89d8
Head: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
@@ -9,7 +9,7 @@ Applied:
manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
manual-document-mt-safety-charset.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
manual-document-mt-safety-conf.patch: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
- new.patch: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
+ manual-document-mt-safety-crypt.patch: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/new.patch b/patches/manual-document-mt-safety-crypt.patch
similarity index 100%
rename from patches/new.patch
rename to patches/manual-document-mt-safety-crypt.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=77aa308dccc33e4ccba70b5ac186e1d5c2408f17
commit 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:47 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/crypt.texi: Document thread safety properties.
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d24ed54af95494d6d45a3d2d0b4906c72e9a89d8
commit d24ed54af95494d6d45a3d2d0b4906c72e9a89d8
Merge: c68ab57 cbeec52 77aa308
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:47 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c68ab570778257693f59e8382d40a4f6c33adbb8
commit c68ab570778257693f59e8382d40a4f6c33adbb8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:47 2013 -0300
import
diff --git a/meta b/meta
index 60a716f..7db2e07 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 9eaea22809e3d84514c9a24279289cb5b093b745
-Head: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
+Previous: cbeec520ddf7025ba680c736e39b76887de956c0
+Head: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -9,6 +9,7 @@ Applied:
manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
manual-document-mt-safety-charset.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
manual-document-mt-safety-conf.patch: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
+ new.patch: 77aa308dccc33e4ccba70b5ac186e1d5c2408f17
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/new.patch b/patches/new.patch
new file mode 100644
index 0000000..8311afe
--- /dev/null
+++ b/patches/new.patch
@@ -0,0 +1,114 @@
+Bottom: 01a0439b7c735fb096210cab50592ed7ae588e00
+Top: 9879c04c4ffa34225360a9359ba3d098a05a208c
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:03:47 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/crypt.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/crypt.texi b/manual/crypt.texi
+index ef90590..5c9f6f7 100644
+--- a/manual/crypt.texi
++++ b/manual/crypt.texi
+@@ -92,7 +92,13 @@ in a convenient way.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun {char *} getpass (const char *@var{prompt})
+-
++@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
++@c This function will attempt to create a stream for terminal I/O, but
++@c will fallback to stdio/stderr. It attempts to change the terminal
++@c mode in a thread-unsafe way, write out the prompt, read the password,
++@c then restore the terminal mode. It has a cleanup to close the stream
++@c in case of (synchronous) cancellation, but not to restore the
++@c terminal mode.
+ @code{getpass} outputs @var{prompt}, then reads a string in from the
+ terminal without echoing it. It tries to connect to the real terminal,
+ @file{/dev/tty}, if possible, to encourage users not to put plaintext
+@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
+ @comment crypt.h
+ @comment BSD, SVID
+ @deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
++@c Besides the obvious problem of returning a pointer into static
++@c storage, the DES initializer takes an internal lock with the usual
++@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
++@c NSS implementations of may leak file descriptors if canceled. The
++@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
++@c and NSS relies on dlopening, which brings about another can of worms.
+
+ The @code{crypt} function takes a password, @var{key}, as a string, and
+ a @var{salt} character array which is described below, and returns a
+@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
+ @comment crypt.h
+ @comment GNU
+ @deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
++@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
++@c Compared with crypt, this function fixes the staticbuf problem, but
++@c nothing else.
+
+ The @code{crypt_r} function does the same thing as @code{crypt}, but
+ takes an extra parameter which includes space for its result (among
+@@ -233,6 +249,11 @@ specifies the unused bits.
+ @comment crypt.h
+ @comment BSD, SVID
+ @deftypefun void setkey (const char *@var{key})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
++@c The static buffer stores the key, making it fundamentally
++@c thread-unsafe. The locking issues are only in the initialization
++@c path; cancelling the initialization will leave the lock held, it
++@c would otherwise repeat the initialization on the next call.
+
+ The @code{setkey} function sets an internal data structure to be an
+ expanded form of @var{key}. @var{key} is specified as an array of 64
+@@ -244,6 +265,8 @@ parity.
+ @comment crypt.h
+ @comment BSD, SVID
+ @deftypefun void encrypt (char *@var{block}, int @var{edflag})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
++@c Same issues as setkey.
+
+ The @code{encrypt} function encrypts @var{block} if
+ @var{edflag} is 0, otherwise it decrypts @var{block}, using a key
+@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
+ @comment crypt.h
+ @comment GNU
+ @deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
++@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+ @comment crypt.h
+ @comment GNU
+ @deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
++@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+
+ These are reentrant versions of @code{setkey} and @code{encrypt}. The
+ only difference is the extra parameter, which stores the expanded
+@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
+ @comment rpc/des_crypt.h
+ @comment SUNRPC
+ @deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The function @code{ecb_crypt} encrypts or decrypts one or more blocks
+ using DES. Each block is encrypted independently.
+@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
+ @comment rpc/des_crypt.h
+ @comment SUNRPC
+ @deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The function @code{cbc_crypt} encrypts or decrypts one or more blocks
+ using DES in Cipher Block Chaining mode.
+@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
+ @comment rpc/des_crypt.h
+ @comment SUNRPC
+ @deftypefun void des_setparity (char *@var{key})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The function @code{des_setparity} changes the 64-bit @var{key}, stored
+ packed in 8-bit bytes, to have odd parity by altering the low bits of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cbeec520ddf7025ba680c736e39b76887de956c0
commit cbeec520ddf7025ba680c736e39b76887de956c0
Merge: 68d86c4 9eaea22
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:22 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=68d86c42b3ffa5e25ba65e4e8099563ac23879b3
commit 68d86c42b3ffa5e25ba65e4e8099563ac23879b3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:22 2013 -0300
rename
diff --git a/meta b/meta
index 76ffde7..60a716f 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 868381d9e68121f8017a7623afcda1bf00b77bf9
+Previous: 9eaea22809e3d84514c9a24279289cb5b093b745
Head: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
@@ -8,7 +8,7 @@ Applied:
manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
manual-document-mt-safety-charset.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
- new.patch: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
+ manual-document-mt-safety-conf.patch: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/new.patch b/patches/manual-document-mt-safety-conf.patch
similarity index 100%
rename from patches/new.patch
rename to patches/manual-document-mt-safety-conf.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
commit 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:16 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/conf.texi: Document thread safety properties.
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9eaea22809e3d84514c9a24279289cb5b093b745
commit 9eaea22809e3d84514c9a24279289cb5b093b745
Merge: 2c95e61 868381d 517120c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:16 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2c95e61f6162511b6ee0d35a151ec7b00488e82e
commit 2c95e61f6162511b6ee0d35a151ec7b00488e82e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:03:16 2013 -0300
import
diff --git a/meta b/meta
index ece0732..76ffde7 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 69e769f4742cc3e9523f0e6fdd99b7ad004ccb3d
-Head: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
+Previous: 868381d9e68121f8017a7623afcda1bf00b77bf9
+Head: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -8,6 +8,7 @@ Applied:
manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
manual-document-mt-safety-charset.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
+ new.patch: 517120c0f0268cfc4dc3361ab19e1fc5d0c5ce91
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/new.patch b/patches/new.patch
new file mode 100644
index 0000000..dc5d0aa
--- /dev/null
+++ b/patches/new.patch
@@ -0,0 +1,65 @@
+Bottom: 214fcee1fc2244efd3fa34e70667561366631af6
+Top: 01a0439b7c735fb096210cab50592ed7ae588e00
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:03:16 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/conf.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/conf.texi b/manual/conf.texi
+index 7eb8b36..edbb2fd 100644
+--- a/manual/conf.texi
++++ b/manual/conf.texi
+@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {long int} sysconf (int @var{parameter})
++@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
++@c Some parts of the implementation open /proc and /sys files and dirs
++@c to collect system details, using fd and stream I/O depending on the
++@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
++@c calls tzset_internal, that calls getenv if it's called the first
++@c time; there are free and strdup calls in there too. The returned max
++@c value may change over time for TZNAME_MAX, depending on selected
++@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
++@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
++@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
++@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
+ This function is used to inquire about runtime system parameters. The
+ @var{parameter} argument should be one of the @samp{_SC_} symbols listed
+ below.
+@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
++@c When __statfs_link_max finds an ext* filesystem, it may read
++@c /proc/mounts or similar as a mntent stream.
++@c __statfs_chown_restricted may read from
++@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
+ This function is used to inquire about the limits that apply to
+ the file named @var{filename}.
+
+@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
++@c Same caveats as pathconf.
+ This is just like @code{pathconf} except that an open file descriptor
+ is used to specify the file for which information is requested, instead
+ of a file name.
+@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
+ @comment unistd.h
+ @comment POSIX.2
+ @deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function reads the value of a string-valued system parameter,
+ storing the string into @var{len} bytes of memory space starting at
+ @var{buf}. The @var{parameter} argument should be one of the
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=868381d9e68121f8017a7623afcda1bf00b77bf9
commit 868381d9e68121f8017a7623afcda1bf00b77bf9
Merge: 9141d8e 69e769f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:49 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9141d8e8372bedc822555bdfc515025d1ef6e4fd
commit 9141d8e8372bedc822555bdfc515025d1ef6e4fd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:48 2013 -0300
rename
diff --git a/meta b/meta
index b5e50c8..ece0732 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: aff6a80c4f6f02731f47b8a61018af3783eab866
+Previous: 69e769f4742cc3e9523f0e6fdd99b7ad004ccb3d
Head: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
@@ -7,7 +7,7 @@ Applied:
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
- new.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
+ manual-document-mt-safety-charset.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/new.patch b/patches/manual-document-mt-safety-charset.patch
similarity index 100%
rename from patches/new.patch
rename to patches/manual-document-mt-safety-charset.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
commit 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/charset.texi: Document thread safety properties.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=69e769f4742cc3e9523f0e6fdd99b7ad004ccb3d
commit 69e769f4742cc3e9523f0e6fdd99b7ad004ccb3d
Merge: dcc9390 aff6a80 3df069f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=dcc93906ca71d674ca55d43b24d691f8c3cc5796
commit dcc93906ca71d674ca55d43b24d691f8c3cc5796
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:01:33 2013 -0300
import
diff --git a/meta b/meta
index 66aeca6..b5e50c8 100644
--- a/meta
+++ b/meta
@@ -1,12 +1,13 @@
Version: 1
-Previous: 1037ba670ee6fa52c0455717d21e7e75ce3fb9ef
-Head: a6f2df9755a82acf03faacd3844e32ff5336d033
+Previous: aff6a80c4f6f02731f47b8a61018af3783eab866
+Head: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
+ new.patch: 3df069f9dba32efa41ab542b1ec3dbee3a8d71ae
Unapplied:
manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/new.patch b/patches/new.patch
new file mode 100644
index 0000000..d61f282
--- /dev/null
+++ b/patches/new.patch
@@ -0,0 +1,232 @@
+Bottom: 7d1efa70a6263de6179afe2a9a443ea3375c3c65
+Top: 214fcee1fc2244efd3fa34e70667561366631af6
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:01:33 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/charset.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/charset.texi b/manual/charset.texi
+index e21502e..7e6c416 100644
+--- a/manual/charset.texi
++++ b/manual/charset.texi
+@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int mbsinit (const mbstate_t *@var{ps})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c ps is dereferenced once, unguarded. Potential harmless data race.
+ The @code{mbsinit} function determines whether the state object pointed
+ to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
+ the object is in the initial state the return value is nonzero. Otherwise
+@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t btowc (int @var{c})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c Calls btowc_fct or __fct; reads from locale, and from the
++@c get_gconv_fcts result multiple times. get_gconv_fcts calls
++@c __wcsmbs_load_conv to initialize the ctype if it's null.
++@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
++@c memory for the fcts structure, initializing it, and then storing it
++@c in the locale object. The initialization involves dlopening and a
++@c lot more.
+ The @code{btowc} function (``byte to wide character'') converts a valid
+ single byte character @var{c} in the initial shift state into the wide
+ character equivalent using the conversion rules from the currently
+@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int wctob (wint_t @var{c})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wctob} function (``wide character to byte'') takes as the
+ parameter a valid wide character. If the multibyte representation for
+ this character in the initial state is exactly one byte long, the return
+@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ @cindex stateful
+ The @code{mbrtowc} function (``multibyte restartable to wide
+ character'') converts the next multibyte character in the string pointed
+@@ -728,6 +740,7 @@ function that does part of the work.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mbrlen} function (``multibyte restartable length'') computes
+ the number of at most @var{n} bytes starting at @var{s}, which form the
+ next valid and complete multibyte character.
+@@ -811,6 +824,50 @@ doing the work twice.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c wcrtomb uses a static, non-thread-local unguarded state variable when
++@c PS is NULL. When a state is passed in, and it's not used
++@c concurrently in other threads, this function behaves safely as long
++@c as gconv modules don't bring MT safety issues of their own.
++@c Attempting to load gconv modules or to build conversion chains in
++@c signal handlers may encounter gconv databases or caches in a
++@c partially-updated state, and asynchronous cancellation may leave them
++@c in such states, besides leaking the lock that guards them.
++@c get_gconv_fcts ok
++@c wcsmbs_load_conv ok
++@c norm_add_slashes ok
++@c wcsmbs_getfct ok
++@c gconv_find_transform ok
++@c gconv_read_conf (libc_once)
++@c gconv_lookup_cache ok
++@c find_module_idx ok
++@c find_module ok
++@c gconv_find_shlib (ok)
++@c ->init_fct (assumed ok)
++@c gconv_get_builtin_trans ok
++@c gconv_release_step ok
++@c do_lookup_alias ok
++@c find_derivation ok
++@c derivation_lookup ok
++@c increment_counter ok
++@c gconv_find_shlib ok
++@c step->init_fct (assumed ok)
++@c gen_steps ok
++@c gconv_find_shlib ok
++@c dlopen (presumed ok)
++@c dlsym (presumed ok)
++@c step->init_fct (assumed ok)
++@c step->end_fct (assumed ok)
++@c gconv_get_builtin_trans ok
++@c gconv_release_step ok
++@c add_derivation ok
++@c gconv_close_transform ok
++@c gconv_release_step ok
++@c step->end_fct (assumed ok)
++@c gconv_release_shlib ok
++@c dlclose (presumed ok)
++@c gconv_release_cache ok
++@c ->tomb->__fct (assumed ok)
+ The @code{wcrtomb} function (``wide character restartable to
+ multibyte'') converts a single wide character into a multibyte string
+ corresponding to that wide character.
+@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mbsrtowcs} function (``multibyte string restartable to wide
+ character string'') converts an NUL-terminated multibyte character
+ string at @code{*@var{src}} into an equivalent wide character string,
+@@ -1039,6 +1097,7 @@ length and passing this length to the function.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wcsrtombs} function (``wide character string restartable to
+ multibyte string'') converts the NUL-terminated wide character string at
+ @code{*@var{src}} into an equivalent multibyte character string and
+@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
+ @comment wchar.h
+ @comment GNU
+ @deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
+ function. All the parameters are the same except for @var{nmc}, which is
+ new. The return value is the same as for @code{mbsrtowcs}.
+@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wcsnrtombs} function implements the conversion from wide
+ character strings to multibyte character strings. It is similar to
+ @code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
+@@ -1280,6 +1341,7 @@ conversion functions.}
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mbtowc} (``multibyte to wide character'') function when called
+ with non-null @var{string} converts the first multibyte character
+ beginning at @var{string} to its corresponding wide character code. It
+@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wctomb} (``wide character to multibyte'') function converts
+ the wide character code @var{wchar} to its corresponding multibyte
+ character sequence, and stores the result in bytes starting at
+@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun int mblen (const char *@var{string}, size_t @var{size})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mblen} function with a non-null @var{string} argument returns
+ the number of bytes that make up the multibyte character beginning at
+ @var{string}, never examining more than @var{size} bytes. (The idea is
+@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c Odd... Although this is in the non-reentrant section, the state
++@c object is automatic, not a static buffer.
+ The @code{mbstowcs} (``multibyte string to wide character string'')
+ function converts the null-terminated string of multibyte characters
+ @var{string} to an array of wide character codes, storing not more than
+@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wcstombs} (``wide character string to multibyte string'')
+ function converts the null-terminated wide character array @var{wstring}
+ into a string containing multibyte characters, storing not more than
+@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
+ @comment iconv.h
+ @comment XPG2
+ @deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
++@c strip and upstr on both, then gconv_open. strip and upstr call
++@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
++@c tokenize toset, replace unspecified codesets with the current locale
++@c (posibly two different accesses), and finally it calls
++@c gconv_find_transform and initializes the gconv_t result with all the
++@c steps in the conversion sequence, running each one's initializer,
++@c destructing and releasing them all if anything fails.
++
+ The @code{iconv_open} function has to be used before starting a
+ conversion. The two parameters this function takes determine the
+ source and destination character set for the conversion, and if the
+@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
+ @comment iconv.h
+ @comment XPG2
+ @deftypefun int iconv_close (iconv_t @var{cd})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
++@c Calls gconv_close to destruct and release each of the conversion
++@c steps, release the gconv_t object, then call gconv_close_transform.
++@c Access to the gconv_t object is not guarded, but calling iconv_close
++@c concurrently with any other use is undefined.
++
+ The @code{iconv_close} function frees all resources associated with the
+ handle @var{cd}, which must have been returned by a successful call to
+ the @code{iconv_open} function.
+@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
+ @comment iconv.h
+ @comment XPG2
+ @deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
++@c Without guarding access to the gconv_t object pointed to by cd, call
++@c the conversion function to convert inbuf or flush the internal
++@c conversion state.
+ @cindex stateful
+ The @code{iconv} function converts the text in the input buffer
+ according to the rules associated with the descriptor @var{cd} and
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=aff6a80c4f6f02731f47b8a61018af3783eab866
commit aff6a80c4f6f02731f47b8a61018af3783eab866
Merge: 96dbf41 1037ba6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:24 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=96dbf412285bf011376452689da1c4e476c4b8f4
commit 96dbf412285bf011376452689da1c4e476c4b8f4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:24 2013 -0300
pop
diff --git a/meta b/meta
index 03244cf..66aeca6 100644
--- a/meta
+++ b/meta
@@ -1,14 +1,14 @@
Version: 1
-Previous: f02c0e21f0bcde96b0c9fba5082bfab8011f819b
-Head: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
+Previous: 1037ba670ee6fa52c0455717d21e7e75ce3fb9ef
+Head: a6f2df9755a82acf03faacd3844e32ff5336d033
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
- manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
Unapplied:
+ manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a6f2df9755a82acf03faacd3844e32ff5336d033
commit a6f2df9755a82acf03faacd3844e32ff5336d033
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1037ba670ee6fa52c0455717d21e7e75ce3fb9ef
commit 1037ba670ee6fa52c0455717d21e7e75ce3fb9ef
Merge: 3f1d89c 168f6d6 f02c0e2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:22 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3f1d89c572ccf3a5150faa0577314d34d359a95a
commit 3f1d89c572ccf3a5150faa0577314d34d359a95a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:22 2013 -0300
push
diff --git a/meta b/meta
index 1bf113b..03244cf 100644
--- a/meta
+++ b/meta
@@ -1,14 +1,14 @@
Version: 1
-Previous: 870a5eece5a3e5118f41a273a5e0d57218e66127
-Head: 3a08620f4907bff742b31a6f67651e4a3b21c179
+Previous: f02c0e21f0bcde96b0c9fba5082bfab8011f819b
+Head: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
+ manual-document-mt-safety-arith.patch: a6f2df9755a82acf03faacd3844e32ff5336d033
+ manual-document-mt-safety-stdio.patch: 168f6d659bcb7106985edac12bc7b3a2110a7fb0
Unapplied:
- manual-document-mt-safety-arith.patch: 60f0d7aaa66504b3818d82ea8691b365f4f55dc5
- manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 2977482..b25c52a 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
-Bottom: 6c9a45167e9f148c725e5d962b1cd083292f0adf
-Top: 77a9710ea0dc3422d900f3c93d406942e132693c
+Bottom: 159ee8e039a2ee1968f5b806b99cb2c568c31678
+Top: 7d1efa70a6263de6179afe2a9a443ea3375c3c65
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 8aae437..fb0f44d 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: e75a47b5ad278b7f85e5420cd63cda069e0b7030
-Top: e394e37491899340294bfd977f43c098c558c2b1
+Bottom: 7d1efa70a6263de6179afe2a9a443ea3375c3c65
+Top: 9d00eea6735363e6e80869186f9fb160ee3e5642
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=168f6d659bcb7106985edac12bc7b3a2110a7fb0
commit 168f6d659bcb7106985edac12bc7b3a2110a7fb0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..7809dd4 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,12 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2669,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2677,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2685,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2693,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2701,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2709,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2785,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3026,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3278,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3342,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3959,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +3974,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +3989,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +3997,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4005,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4019,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4046,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4055,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4064,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4072,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4080,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4088,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4138,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4148,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4162,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4173,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4201,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4212,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4326,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4339,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4363,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4379,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4399,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4423,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4472,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4594,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4609,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4622,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4639,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4751,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4764,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4781,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4803,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4828,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4906,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4920,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4932,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4947,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4961,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +4972,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5020,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5076,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5192,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5374,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5515,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3a08620f4907bff742b31a6f67651e4a3b21c179
commit 3a08620f4907bff742b31a6f67651e4a3b21c179
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f02c0e21f0bcde96b0c9fba5082bfab8011f819b
commit f02c0e21f0bcde96b0c9fba5082bfab8011f819b
Merge: 80cd2a7 3a08620 870a5ee
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:13 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=80cd2a7119496bb7b8d9fbd2efc0734dfa4de5f5
commit 80cd2a7119496bb7b8d9fbd2efc0734dfa4de5f5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:13 2013 -0300
float
diff --git a/meta b/meta
index 6ebdbd5..1bf113b 100644
--- a/meta
+++ b/meta
@@ -1,16 +1,16 @@
Version: 1
-Previous: 55da5cc8b1a927b818e90ac3ebb021f1f93db170
-Head: 04381689562081fc1e2328e5807e0dc537c1c5fc
+Previous: 870a5eece5a3e5118f41a273a5e0d57218e66127
+Head: 3a08620f4907bff742b31a6f67651e4a3b21c179
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
+ manual-document-mt-safety-argp.patch: 3a08620f4907bff742b31a6f67651e4a3b21c179
Unapplied:
manual-document-mt-safety-arith.patch: 60f0d7aaa66504b3818d82ea8691b365f4f55dc5
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
- manual-document-mt-safety-argp.patch: 9d7c8bd6707cd06cb1f10ff81ef6ae4c44704091
manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index d575e96..5313e9f 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -1,5 +1,5 @@
-Bottom: a80e3502e79676408b83a0ee8d2c01161f2e1895
-Top: a71a934d3af669b0a2a4656922c2a6cfd020181a
+Bottom: 6c9a45167e9f148c725e5d962b1cd083292f0adf
+Top: 159ee8e039a2ee1968f5b806b99cb2c568c31678
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 21:57:08 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=870a5eece5a3e5118f41a273a5e0d57218e66127
commit 870a5eece5a3e5118f41a273a5e0d57218e66127
Merge: 178ff64 55da5cc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:07 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=178ff64a45437921cbeedce8d650e2ec827fd205
commit 178ff64a45437921cbeedce8d650e2ec827fd205
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:07 2013 -0300
pop
diff --git a/meta b/meta
index 66ba666..6ebdbd5 100644
--- a/meta
+++ b/meta
@@ -1,12 +1,12 @@
Version: 1
-Previous: 4333c49a222db29650411bf35bcf96e650464ff9
-Head: 60f0d7aaa66504b3818d82ea8691b365f4f55dc5
+Previous: 55da5cc8b1a927b818e90ac3ebb021f1f93db170
+Head: 04381689562081fc1e2328e5807e0dc537c1c5fc
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
- manual-document-mt-safety-arith.patch: 60f0d7aaa66504b3818d82ea8691b365f4f55dc5
Unapplied:
+ manual-document-mt-safety-arith.patch: 60f0d7aaa66504b3818d82ea8691b365f4f55dc5
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=55da5cc8b1a927b818e90ac3ebb021f1f93db170
commit 55da5cc8b1a927b818e90ac3ebb021f1f93db170
Merge: 43832e8 60f0d7a 4333c49
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:06 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=43832e8a8aa6cffa171f6bc90c9f68f13ea8e03e
commit 43832e8a8aa6cffa171f6bc90c9f68f13ea8e03e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:06 2013 -0300
refresh
diff --git a/meta b/meta
index 4b29503..66ba666 100644
--- a/meta
+++ b/meta
@@ -1,12 +1,11 @@
Version: 1
-Previous: 0c3a0fd528c1aea76c88e92991b952428087e5a5
-Head: e100ba384a1bfa95f011c59ef9e535600dbbbf03
+Previous: 4333c49a222db29650411bf35bcf96e650464ff9
+Head: 60f0d7aaa66504b3818d82ea8691b365f4f55dc5
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
- manual-document-mt-safety-arith.patch: b0aaf99a53ebe756b3b61930b0d42fd5b51dd71d
- refresh-temp: e100ba384a1bfa95f011c59ef9e535600dbbbf03
+ manual-document-mt-safety-arith.patch: 60f0d7aaa66504b3818d82ea8691b365f4f55dc5
Unapplied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 5f1c9c2..2977482 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
Bottom: 6c9a45167e9f148c725e5d962b1cd083292f0adf
-Top: e75a47b5ad278b7f85e5420cd63cda069e0b7030
+Top: 77a9710ea0dc3422d900f3c93d406942e132693c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:40 -0300
@@ -13,7 +13,7 @@ for ChangeLog
---
diff --git a/manual/arith.texi b/manual/arith.texi
-index 77056c3..833e0c9 100644
+index 77056c3..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@@ -49,7 +49,47 @@ index 77056c3..833e0c9 100644
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
-@@ -410,6 +415,7 @@ not have to worry about the type of their argument.
+@@ -318,6 +323,7 @@ floating-point number a variable holds.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is a generic macro which works on all floating-point types and
+ which returns a value of type @code{int}. The possible values are:
+
+@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is finite: not plus or
+ minus infinity, and not NaN. It is equivalent to
+
+@@ -368,6 +375,7 @@ floating-point type.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is finite and normalized.
+ It is equivalent to
+
+@@ -379,6 +387,7 @@ It is equivalent to
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isnan (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is NaN. It is equivalent
+ to
+
+@@ -390,6 +399,7 @@ to
+ @comment math.h
+ @comment GNU
+ @deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is a signaling NaN
+ (sNaN). It is based on draft TS 18661 and currently enabled as a GNU
+ extension.
+@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
@@ -57,7 +97,7 @@ index 77056c3..833e0c9 100644
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
-@@ -423,6 +429,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
+@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
@@ -65,7 +105,7 @@ index 77056c3..833e0c9 100644
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
-@@ -445,6 +452,7 @@ function for some reason, you can write
+@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
@@ -73,7 +113,7 @@ index 77056c3..833e0c9 100644
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
-@@ -713,6 +721,22 @@ and save and restore the set of exceptions flagged.
+@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
@@ -96,7 +136,7 @@ index 77056c3..833e0c9 100644
This function clears all of the supported exception flags indicated by
@var{excepts}.
-@@ -723,6 +747,7 @@ non-zero value otherwise.
+@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
@@ -104,7 +144,7 @@ index 77056c3..833e0c9 100644
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
-@@ -738,6 +763,7 @@ non-zero value otherwise.
+@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
@@ -112,7 +152,7 @@ index 77056c3..833e0c9 100644
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
-@@ -774,6 +800,7 @@ following functions:
+@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
@@ -120,7 +160,7 @@ index 77056c3..833e0c9 100644
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
-@@ -785,6 +812,7 @@ non-zero value otherwise.
+@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
@@ -128,7 +168,7 @@ index 77056c3..833e0c9 100644
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
-@@ -940,6 +968,7 @@ find out which one with this function:
+@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
@@ -136,7 +176,7 @@ index 77056c3..833e0c9 100644
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
-@@ -950,6 +979,7 @@ To change the rounding mode, use this function:
+@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
@@ -144,7 +184,7 @@ index 77056c3..833e0c9 100644
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
-@@ -994,6 +1024,7 @@ To save the state of the FPU, use one of these functions:
+@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
@@ -152,7 +192,7 @@ index 77056c3..833e0c9 100644
Store the floating-point environment in the variable pointed to by
@var{envp}.
-@@ -1004,6 +1035,7 @@ non-zero value otherwise.
+@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
@@ -160,7 +200,7 @@ index 77056c3..833e0c9 100644
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
-@@ -1042,6 +1074,7 @@ functions:
+@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
@@ -168,7 +208,7 @@ index 77056c3..833e0c9 100644
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
-@@ -1051,6 +1084,7 @@ non-zero value otherwise.
+@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
@@ -176,7 +216,7 @@ index 77056c3..833e0c9 100644
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
-@@ -1071,6 +1105,7 @@ occur, you can use the following two functions.
+@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
@@ -184,7 +224,7 @@ index 77056c3..833e0c9 100644
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
-@@ -1083,6 +1118,7 @@ operation was successful, @code{-1} otherwise.
+@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
@@ -192,7 +232,7 @@ index 77056c3..833e0c9 100644
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
-@@ -1095,6 +1131,7 @@ operation was successful, @code{-1} otherwise.
+@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
@@ -200,7 +240,7 @@ index 77056c3..833e0c9 100644
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
-@@ -1146,6 +1183,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
+@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
@@ -208,7 +248,7 @@ index 77056c3..833e0c9 100644
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
-@@ -1167,6 +1205,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
+@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
@@ -216,7 +256,7 @@ index 77056c3..833e0c9 100644
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
-@@ -1180,6 +1219,7 @@ This function returns the absolute value of the floating-point number
+@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
@@ -224,7 +264,7 @@ index 77056c3..833e0c9 100644
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
-@@ -1217,6 +1257,7 @@ All these functions are declared in @file{math.h}.
+@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
@@ -232,7 +272,7 @@ index 77056c3..833e0c9 100644
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
-@@ -1242,6 +1283,7 @@ zero is stored in @code{*@var{exponent}}.
+@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
@@ -240,7 +280,7 @@ index 77056c3..833e0c9 100644
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
-@@ -1263,6 +1305,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
+@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
@@ -248,7 +288,7 @@ index 77056c3..833e0c9 100644
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
-@@ -1275,6 +1318,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
+@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
@@ -256,7 +296,7 @@ index 77056c3..833e0c9 100644
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
-@@ -1288,6 +1332,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
+@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
@@ -264,7 +304,7 @@ index 77056c3..833e0c9 100644
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
-@@ -1301,6 +1346,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
+@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
@@ -272,7 +312,7 @@ index 77056c3..833e0c9 100644
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
-@@ -1335,6 +1381,7 @@ result as a @code{double} instead to get around this problem.
+@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
@@ -280,7 +320,7 @@ index 77056c3..833e0c9 100644
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
-@@ -1349,6 +1396,7 @@ is @code{2.0}.
+@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
@@ -288,7 +328,7 @@ index 77056c3..833e0c9 100644
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
-@@ -1363,6 +1411,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
+@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
@@ -296,7 +336,7 @@ index 77056c3..833e0c9 100644
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
-@@ -1377,6 +1426,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
+@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
@@ -304,7 +344,7 @@ index 77056c3..833e0c9 100644
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
-@@ -1397,6 +1447,7 @@ inexact exception.
+@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
@@ -312,7 +352,7 @@ index 77056c3..833e0c9 100644
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
-@@ -1410,6 +1461,7 @@ do not raise the inexact exception if @var{x} is not an integer.
+@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
@@ -320,7 +360,7 @@ index 77056c3..833e0c9 100644
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
-@@ -1424,6 +1476,7 @@ current rounding mode).
+@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
@@ -328,7 +368,7 @@ index 77056c3..833e0c9 100644
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
-@@ -1437,6 +1490,7 @@ These functions are just like @code{rint}, but they return a
+@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
@@ -336,7 +376,7 @@ index 77056c3..833e0c9 100644
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
-@@ -1450,6 +1504,7 @@ These functions are just like @code{rint}, but they return a
+@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
@@ -344,7 +384,7 @@ index 77056c3..833e0c9 100644
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
-@@ -1463,6 +1518,7 @@ These functions are just like @code{round}, but they return a
+@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
@@ -352,7 +392,7 @@ index 77056c3..833e0c9 100644
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
-@@ -1477,6 +1533,7 @@ These functions are just like @code{round}, but they return a
+@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
@@ -360,7 +400,7 @@ index 77056c3..833e0c9 100644
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
-@@ -1503,6 +1560,7 @@ suits your problem.
+@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
@@ -368,7 +408,7 @@ index 77056c3..833e0c9 100644
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
-@@ -1525,6 +1583,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
+@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
@@ -376,7 +416,7 @@ index 77056c3..833e0c9 100644
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
-@@ -1548,6 +1607,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
+@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
@@ -384,7 +424,7 @@ index 77056c3..833e0c9 100644
This function is another name for @code{drem}.
@end deftypefun
-@@ -1569,6 +1629,7 @@ bits.
+@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
@@ -392,7 +432,7 @@ index 77056c3..833e0c9 100644
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
-@@ -1584,6 +1645,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
+@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
@@ -400,7 +440,7 @@ index 77056c3..833e0c9 100644
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
-@@ -1602,6 +1664,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
+@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
@@ -408,7 +448,7 @@ index 77056c3..833e0c9 100644
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
-@@ -1625,6 +1688,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
+@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
@@ -416,7 +456,7 @@ index 77056c3..833e0c9 100644
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
-@@ -1640,6 +1704,8 @@ double}.
+@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
@@ -425,7 +465,7 @@ index 77056c3..833e0c9 100644
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
-@@ -1674,6 +1740,7 @@ arguments only once.
+@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
@@ -433,7 +473,7 @@ index 77056c3..833e0c9 100644
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
-@@ -1682,6 +1749,7 @@ exception is raised if @var{x} or @var{y} are NaN.
+@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
@@ -441,7 +481,7 @@ index 77056c3..833e0c9 100644
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
-@@ -1690,6 +1758,7 @@ exception is raised if @var{x} or @var{y} are NaN.
+@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
@@ -449,7 +489,7 @@ index 77056c3..833e0c9 100644
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
-@@ -1698,6 +1767,7 @@ raised if @var{x} or @var{y} are NaN.
+@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
@@ -457,7 +497,7 @@ index 77056c3..833e0c9 100644
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
-@@ -1706,6 +1776,7 @@ exception is raised if @var{x} or @var{y} are NaN.
+@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
@@ -465,7 +505,7 @@ index 77056c3..833e0c9 100644
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
-@@ -1718,6 +1789,7 @@ expression is true if @var{x} or @var{y} are NaN.
+@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
@@ -473,7 +513,7 @@ index 77056c3..833e0c9 100644
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
-@@ -1751,6 +1823,7 @@ perform these operations faster than the equivalent C code.
+@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
@@ -481,7 +521,7 @@ index 77056c3..833e0c9 100644
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
-@@ -1771,6 +1844,7 @@ are NaN, NaN is returned.
+@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
@@ -489,7 +529,7 @@ index 77056c3..833e0c9 100644
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
-@@ -1787,6 +1861,7 @@ are NaN, NaN is returned.
+@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
@@ -497,7 +537,7 @@ index 77056c3..833e0c9 100644
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
-@@ -1804,6 +1879,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
+@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
@@ -505,7 +545,7 @@ index 77056c3..833e0c9 100644
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
-@@ -1933,6 +2009,7 @@ available in three variants, one for each of the three complex types.
+@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
@@ -513,7 +553,7 @@ index 77056c3..833e0c9 100644
These functions return the real part of the complex number @var{z}.
@end deftypefun
-@@ -1945,6 +2022,7 @@ These functions return the real part of the complex number @var{z}.
+@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
@@ -521,7 +561,7 @@ index 77056c3..833e0c9 100644
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
-@@ -1957,6 +2035,7 @@ These functions return the imaginary part of the complex number @var{z}.
+@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
@@ -529,7 +569,7 @@ index 77056c3..833e0c9 100644
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
-@@ -1971,6 +2050,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
+@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
@@ -537,7 +577,7 @@ index 77056c3..833e0c9 100644
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
-@@ -1989,6 +2069,7 @@ number. This angle is measured in the usual fashion and ranges from
+@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
@@ -545,7 +585,7 @@ index 77056c3..833e0c9 100644
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
-@@ -2034,6 +2115,16 @@ as well.
+@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
@@ -562,7 +602,7 @@ index 77056c3..833e0c9 100644
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
-@@ -2097,6 +2188,7 @@ There is an example at the end of this section.
+@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
@@ -570,7 +610,7 @@ index 77056c3..833e0c9 100644
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
-@@ -2106,6 +2198,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
+@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
@@ -578,7 +618,7 @@ index 77056c3..833e0c9 100644
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
-@@ -2124,6 +2217,7 @@ range, or @code{ERANGE} on overflow.
+@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
@@ -586,7 +626,7 @@ index 77056c3..833e0c9 100644
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
-@@ -2133,6 +2227,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
+@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
@@ -594,7 +634,7 @@ index 77056c3..833e0c9 100644
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
-@@ -2149,6 +2244,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
+@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
@@ -602,7 +642,7 @@ index 77056c3..833e0c9 100644
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
-@@ -2158,12 +2254,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
+@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
@@ -617,7 +657,7 @@ index 77056c3..833e0c9 100644
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
-@@ -2173,6 +2271,7 @@ The @code{wcstoq} function is a GNU extension.
+@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
@@ -625,7 +665,7 @@ index 77056c3..833e0c9 100644
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
-@@ -2182,6 +2281,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
+@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
@@ -633,7 +673,7 @@ index 77056c3..833e0c9 100644
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
-@@ -2191,12 +2291,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
+@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
@@ -648,7 +688,7 @@ index 77056c3..833e0c9 100644
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
-@@ -2206,6 +2308,7 @@ The @code{wcstouq} function is a GNU extension.
+@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
@@ -656,7 +696,7 @@ index 77056c3..833e0c9 100644
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
-@@ -2222,6 +2325,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
+@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
@@ -664,7 +704,7 @@ index 77056c3..833e0c9 100644
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
-@@ -2231,6 +2335,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
+@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
@@ -672,7 +712,7 @@ index 77056c3..833e0c9 100644
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
-@@ -2241,6 +2346,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
+@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
@@ -680,7 +720,7 @@ index 77056c3..833e0c9 100644
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
-@@ -2250,6 +2356,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
+@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
@@ -688,7 +728,7 @@ index 77056c3..833e0c9 100644
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
-@@ -2259,6 +2366,7 @@ existing code; using @code{strtol} is more robust.
+@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
@@ -696,7 +736,7 @@ index 77056c3..833e0c9 100644
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
-@@ -2267,6 +2375,7 @@ instead.
+@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
@@ -704,17 +744,43 @@ index 77056c3..833e0c9 100644
This function is similar to @code{atol}, except it returns a @code{long
long int}.
-@@ -2331,6 +2440,9 @@ as well.
+@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
++@c
++@c round_and_return
++@c get_rounding_mode ok
++@c mpn_add_1 ok
++@c mpn_rshift ok
++@c MPN_ZERO ok
++@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
++@c str_to_mpn
++@c mpn_mul_1 -> umul_ppmm ok
++@c mpn_add_1 ok
++@c mpn_lshift_1 -> mpn_lshift ok
++@c STRTOF_INTERNAL
++@c MPN_VAR ok
++@c SET_MANTISSA ok
++@c STRNCASECMP ok, wide and narrow
++@c round_and_return ok
++@c mpn_mul ok
++@c mpn_addmul_1 ok
++@c ... mpn_sub
++@c mpn_lshift ok
++@c udiv_qrnnd ok
++@c count_leading_zeros ok
++@c add_ssaaaa ok
++@c sub_ddmmss ok
++@c umul_ppmm ok
++@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
-@@ -2416,6 +2528,7 @@ examining @var{errno} and @var{tailptr}.
+@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
@@ -722,7 +788,7 @@ index 77056c3..833e0c9 100644
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
-@@ -2435,6 +2548,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
+@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
@@ -730,7 +796,7 @@ index 77056c3..833e0c9 100644
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
-@@ -2447,6 +2561,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
+@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
@@ -738,7 +804,7 @@ index 77056c3..833e0c9 100644
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
-@@ -2473,6 +2588,7 @@ All these functions are defined in @file{stdlib.h}.
+@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
@@ -746,7 +812,7 @@ index 77056c3..833e0c9 100644
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
-@@ -2498,6 +2614,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
+@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
@@ -754,7 +820,7 @@ index 77056c3..833e0c9 100644
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
-@@ -2516,6 +2633,9 @@ to @code{fcvt}.
+@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
@@ -764,7 +830,7 @@ index 77056c3..833e0c9 100644
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
-@@ -2530,6 +2650,7 @@ functions that take @code{long double} arguments.
+@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
@@ -772,7 +838,7 @@ index 77056c3..833e0c9 100644
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
-@@ -2538,6 +2659,7 @@ restricted by the precision of a @code{long double}.
+@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
@@ -780,7 +846,7 @@ index 77056c3..833e0c9 100644
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
-@@ -2546,6 +2668,7 @@ restricted by the precision of a @code{long double}.
+@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
@@ -788,7 +854,7 @@ index 77056c3..833e0c9 100644
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
-@@ -2566,6 +2689,7 @@ user-supplied buffer.
+@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
@@ -796,7 +862,7 @@ index 77056c3..833e0c9 100644
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
-@@ -2577,6 +2701,7 @@ This function is a GNU extension.
+@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
@@ -804,7 +870,7 @@ index 77056c3..833e0c9 100644
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
-@@ -2588,6 +2713,7 @@ This function is a GNU extension.
+@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
@@ -812,7 +878,7 @@ index 77056c3..833e0c9 100644
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
-@@ -2599,6 +2725,7 @@ This function is a GNU extension.
+@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 1950b7a..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,86 +0,0 @@
-Bottom: e75a47b5ad278b7f85e5420cd63cda069e0b7030
-Top: 77a9710ea0dc3422d900f3c93d406942e132693c
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 22:00:05 -0300
-
-Refresh of manual-document-mt-safety-arith.patch
-
----
-
-diff --git a/manual/arith.texi b/manual/arith.texi
-index 833e0c9..5c3aa9d 100644
---- a/manual/arith.texi
-+++ b/manual/arith.texi
-@@ -323,6 +323,7 @@ floating-point number a variable holds.
- @comment math.h
- @comment ISO
- @deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is a generic macro which works on all floating-point types and
- which returns a value of type @code{int}. The possible values are:
-
-@@ -359,6 +360,7 @@ You should therefore use the specific macros whenever possible.
- @comment math.h
- @comment ISO
- @deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value if @var{x} is finite: not plus or
- minus infinity, and not NaN. It is equivalent to
-
-@@ -373,6 +375,7 @@ floating-point type.
- @comment math.h
- @comment ISO
- @deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value if @var{x} is finite and normalized.
- It is equivalent to
-
-@@ -384,6 +387,7 @@ It is equivalent to
- @comment math.h
- @comment ISO
- @deftypefn {Macro} int isnan (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value if @var{x} is NaN. It is equivalent
- to
-
-@@ -395,6 +399,7 @@ to
- @comment math.h
- @comment GNU
- @deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This macro returns a nonzero value if @var{x} is a signaling NaN
- (sNaN). It is based on draft TS 18661 and currently enabled as a GNU
- extension.
-@@ -2443,6 +2448,32 @@ as well.
- @safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
- @c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
- @c mpn, but it's all safe.
-+@c
-+@c round_and_return
-+@c get_rounding_mode ok
-+@c mpn_add_1 ok
-+@c mpn_rshift ok
-+@c MPN_ZERO ok
-+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
-+@c str_to_mpn
-+@c mpn_mul_1 -> umul_ppmm ok
-+@c mpn_add_1 ok
-+@c mpn_lshift_1 -> mpn_lshift ok
-+@c STRTOF_INTERNAL
-+@c MPN_VAR ok
-+@c SET_MANTISSA ok
-+@c STRNCASECMP ok, wide and narrow
-+@c round_and_return ok
-+@c mpn_mul ok
-+@c mpn_addmul_1 ok
-+@c ... mpn_sub
-+@c mpn_lshift ok
-+@c udiv_qrnnd ok
-+@c count_leading_zeros ok
-+@c add_ssaaaa ok
-+@c sub_ddmmss ok
-+@c umul_ppmm ok
-+@c mpn_submul_1 ok
- The @code{strtod} (``string-to-double'') function converts the initial
- part of @var{string} to a floating-point number, which is returned as a
- value of type @code{double}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4333c49a222db29650411bf35bcf96e650464ff9
commit 4333c49a222db29650411bf35bcf96e650464ff9
Merge: 15f6d5c 0c3a0fd e100ba3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:06 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=15f6d5c35067e03be01c127bcfd9e2e9fe1b8533
commit 15f6d5c35067e03be01c127bcfd9e2e9fe1b8533
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:06 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index ec1a72d..4b29503 100644
--- a/meta
+++ b/meta
@@ -1,11 +1,12 @@
Version: 1
-Previous: a9a80d7db412a35452f3cf4e4409c2b8f57c906f
-Head: b0aaf99a53ebe756b3b61930b0d42fd5b51dd71d
+Previous: 0c3a0fd528c1aea76c88e92991b952428087e5a5
+Head: e100ba384a1bfa95f011c59ef9e535600dbbbf03
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
manual-document-mt-safety-arith.patch: b0aaf99a53ebe756b3b61930b0d42fd5b51dd71d
+ refresh-temp: e100ba384a1bfa95f011c59ef9e535600dbbbf03
Unapplied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..1950b7a
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,86 @@
+Bottom: e75a47b5ad278b7f85e5420cd63cda069e0b7030
+Top: 77a9710ea0dc3422d900f3c93d406942e132693c
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 22:00:05 -0300
+
+Refresh of manual-document-mt-safety-arith.patch
+
+---
+
+diff --git a/manual/arith.texi b/manual/arith.texi
+index 833e0c9..5c3aa9d 100644
+--- a/manual/arith.texi
++++ b/manual/arith.texi
+@@ -323,6 +323,7 @@ floating-point number a variable holds.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is a generic macro which works on all floating-point types and
+ which returns a value of type @code{int}. The possible values are:
+
+@@ -359,6 +360,7 @@ You should therefore use the specific macros whenever possible.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is finite: not plus or
+ minus infinity, and not NaN. It is equivalent to
+
+@@ -373,6 +375,7 @@ floating-point type.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is finite and normalized.
+ It is equivalent to
+
+@@ -384,6 +387,7 @@ It is equivalent to
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isnan (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is NaN. It is equivalent
+ to
+
+@@ -395,6 +399,7 @@ to
+ @comment math.h
+ @comment GNU
+ @deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is a signaling NaN
+ (sNaN). It is based on draft TS 18661 and currently enabled as a GNU
+ extension.
+@@ -2443,6 +2448,32 @@ as well.
+ @safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ @c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+ @c mpn, but it's all safe.
++@c
++@c round_and_return
++@c get_rounding_mode ok
++@c mpn_add_1 ok
++@c mpn_rshift ok
++@c MPN_ZERO ok
++@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
++@c str_to_mpn
++@c mpn_mul_1 -> umul_ppmm ok
++@c mpn_add_1 ok
++@c mpn_lshift_1 -> mpn_lshift ok
++@c STRTOF_INTERNAL
++@c MPN_VAR ok
++@c SET_MANTISSA ok
++@c STRNCASECMP ok, wide and narrow
++@c round_and_return ok
++@c mpn_mul ok
++@c mpn_addmul_1 ok
++@c ... mpn_sub
++@c mpn_lshift ok
++@c udiv_qrnnd ok
++@c count_leading_zeros ok
++@c add_ssaaaa ok
++@c sub_ddmmss ok
++@c umul_ppmm ok
++@c mpn_submul_1 ok
+ The @code{strtod} (``string-to-double'') function converts the initial
+ part of @var{string} to a floating-point number, which is returned as a
+ value of type @code{double}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e100ba384a1bfa95f011c59ef9e535600dbbbf03
commit e100ba384a1bfa95f011c59ef9e535600dbbbf03
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 22:00:05 2013 -0300
Refresh of manual-document-mt-safety-arith.patch
diff --git a/manual/arith.texi b/manual/arith.texi
index 833e0c9..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -323,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -359,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -373,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -384,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -395,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -2443,6 +2448,32 @@ as well.
@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0c3a0fd528c1aea76c88e92991b952428087e5a5
commit 0c3a0fd528c1aea76c88e92991b952428087e5a5
Merge: 3aac299 a9a80d7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:59:00 2013 -0300
goto
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3aac29928db4613c0439ea41f186f8c7c94a98c4
commit 3aac29928db4613c0439ea41f186f8c7c94a98c4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:59:00 2013 -0300
goto
diff --git a/meta b/meta
index 0cac905..ec1a72d 100644
--- a/meta
+++ b/meta
@@ -1,16 +1,16 @@
Version: 1
-Previous: 96ebb1e30dfff4c328081e6ba98ee59e9a16d520
-Head: 9d7c8bd6707cd06cb1f10ff81ef6ae4c44704091
+Previous: a9a80d7db412a35452f3cf4e4409c2b8f57c906f
+Head: b0aaf99a53ebe756b3b61930b0d42fd5b51dd71d
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
manual-document-mt-safety-arith.patch: b0aaf99a53ebe756b3b61930b0d42fd5b51dd71d
+Unapplied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
manual-document-mt-safety-argp.patch: 9d7c8bd6707cd06cb1f10ff81ef6ae4c44704091
-Unapplied:
manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a9a80d7db412a35452f3cf4e4409c2b8f57c906f
commit a9a80d7db412a35452f3cf4e4409c2b8f57c906f
Merge: 96fada4 9d7c8bd 96ebb1e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:58:08 2013 -0300
edit
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=96fada49944a65715ea9527fe936c5cb703066d8
commit 96fada49944a65715ea9527fe936c5cb703066d8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:58:08 2013 -0300
edit
diff --git a/meta b/meta
index 5d9f62a..0cac905 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7e8611dfbf8a75c282b47f6b161e96476686f52e
-Head: 9c72e170ce965fba178d57de917a65654076047c
+Previous: 96ebb1e30dfff4c328081e6ba98ee59e9a16d520
+Head: 9d7c8bd6707cd06cb1f10ff81ef6ae4c44704091
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,7 +10,7 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
- manual-document-mt-safety-argp.patch: 9c72e170ce965fba178d57de917a65654076047c
+ manual-document-mt-safety-argp.patch: 9d7c8bd6707cd06cb1f10ff81ef6ae4c44704091
Unapplied:
manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
index 61f2f79..d575e96 100644
--- a/patches/manual-document-mt-safety-argp.patch
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -7,7 +7,7 @@ Thread safety documentation.
for ChangeLog
- * manual/???.texi: Document thread safety properties.
+ * manual/argp.texi: Document thread safety properties.
---
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9d7c8bd6707cd06cb1f10ff81ef6ae4c44704091
commit 9d7c8bd6707cd06cb1f10ff81ef6ae4c44704091
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/argp.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=96ebb1e30dfff4c328081e6ba98ee59e9a16d520
commit 96ebb1e30dfff4c328081e6ba98ee59e9a16d520
Merge: d9b0b74 9c72e17 7e8611d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
import
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d9b0b74c401b64500244517f1adf29c170ffd33e
commit d9b0b74c401b64500244517f1adf29c170ffd33e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
import
diff --git a/meta b/meta
index 54c22b4..5d9f62a 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: d11da2b66d5e92c15d1fc15f0ea42641d2461e28
-Head: 263eed84f16353fb704fac8338422fb3f7b863fb
+Previous: 7e8611dfbf8a75c282b47f6b161e96476686f52e
+Head: 9c72e170ce965fba178d57de917a65654076047c
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,7 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
+ manual-document-mt-safety-argp.patch: 9c72e170ce965fba178d57de917a65654076047c
Unapplied:
manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
diff --git a/patches/manual-document-mt-safety-argp.patch b/patches/manual-document-mt-safety-argp.patch
new file mode 100644
index 0000000..61f2f79
--- /dev/null
+++ b/patches/manual-document-mt-safety-argp.patch
@@ -0,0 +1,241 @@
+Bottom: a80e3502e79676408b83a0ee8d2c01161f2e1895
+Top: a71a934d3af669b0a2a4656922c2a6cfd020181a
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 21:57:08 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/???.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/argp.texi b/manual/argp.texi
+index c9fbe97..5322f91 100644
+--- a/manual/argp.texi
++++ b/manual/argp.texi
+@@ -36,6 +36,35 @@ needed in @code{main}.
+ @comment argp.h
+ @comment GNU
+ @deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
++@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
++@c Optionally alloca()tes standard help options, initializes the parser,
++@c then parses individual args in a loop, and then finalizes.
++@c parser_init
++@c calc_sizes ok
++@c option_is_end ok
++@c malloc
++@c parser_convert glocale
++@c convert_options glocale
++@c option_is_end ok
++@c option_is_short ok
++@c isprint, but locale may change within the loop
++@c find_long_option ok
++@c group_parse
++@c group->parser (from argp->parser)
++@c parser_parse_next
++@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
++@c parser_parse_arg
++@c group_parse
++@c parser_parse_opt
++@c group_parse
++@c argp_error
++@c dgettext (bad key error)
++@c parser_finalize
++@c group_parse
++@c fprintf
++@c dgettext
++@c arg_state_help
++@c free
+ The @code{argp_parse} function parses the arguments in @var{argv}, of
+ length @var{argc}, using the argp parser @var{argp}. @xref{Argp
+ Parsers}. Passing a null pointer for @var{argp} is the same as using
+@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_usage (const struct argp_state *@var{state})
++@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
++@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
+ Outputs the standard usage message for the argp parser referred to by
+ @var{state} to @code{@var{state}->err_stream} and terminate the program
+ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
+@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
++@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
++@c Lock stream, vasprintf the formatted message into a buffer, print the
++@c buffer prefixed by the short program name (in libc,
++@c argp_short_program_name is a macro that expands to
++@c program_invocation_short_name), releases the buffer, then call
++@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
++@c stream at the end.
+ Prints the printf format string @var{fmt} and following args, preceded
+ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
+ --help}} message, and terminates the program with an exit status of
+@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
++@c Lock stream, write out the short program name, vasprintf the optional
++@c formatted message to a buffer, print the buffer prefixed by colon and
++@c blank, release the buffer, call strerror_r with an automatic buffer,
++@c print it out after colon and blank, put[w]c a line break, unlock the
++@c stream, then exit unless ARGP_NO_EXIT.
+ Similar to the standard gnu error-reporting function @code{error}, this
+ prints the program name and @samp{:}, the printf format string
+ @var{fmt}, and the appropriate following args. If it is non-zero, the
+@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
++@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
++@c Just calls _help with the short program name and optionally exit.
++@c The main problems in _help, besides the usual issues with stream I/O
++@c and translation, are the use of a static buffer (uparams) that makes
++@c the whole thing thread-unsafe, reading from the environment for
++@c ARGP_HELP_FMT, accessing the locale object multiple times.
++
++@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c dgettext asi18n
++@c flockfile lockleak
++@c funlockfile lockleak
++@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
++@c argp_failure dup (status = errnum = 0)
++@c atoi dup
++@c argp_hol asmalloc, memleak
++@c make_hol asmalloc, memleak
++@c hol_add_cluster asmalloc, memleak
++@c hol_append asmalloc, memleak
++@c hol_set_group ok
++@c hol_find_entry ok
++@c hol_sort glocale, asmalloc, memleak
++@c qsort asmalloc, memleak
++@c hol_entry_qcmp glocale
++@c hol_entry_cmp glocale
++@c group_cmp ok
++@c hol_cluster_cmp ok
++@c group_cmp ok
++@c hol_entry_first_short glocale
++@c hol_entry_short_iterate [glocale]
++@c until_short ok
++@c oshort ok
++@c isprint ok
++@c odoc ok
++@c hol_entry_first_long ok
++@c canon_doc_option glocale
++@c tolower dup
++@c hol_usage glocale, asi18n, asmalloc, memleak
++@c hol_entry_short_iterate ok
++@c add_argless_short_opt ok
++@c argp_fmtstream_printf dup
++@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
++@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
++@c dgettext dup
++@c argp_fmtstream_printf dup
++@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
++@c usage_long_opt glocale, asi18n, asmalloc, memleak
++@c dgettext dup
++@c argp_fmtstream_printf dup
++@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_set_lmargin dup
++@c argp_fmtstream_wmargin dup
++@c argp_fmtstream_set_wmargin dup
++@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_putc dup
++@c hol_cluster_is_child ok
++@c argp_fmtstream_wmargin dup
++@c print_header dup
++@c argp_fmtstream_set_wmargin dup
++@c argp_fmtstream_puts dup
++@c indent_to dup
++@c argp_fmtstream_putc dup
++@c arg glocale, asmalloc, memleak
++@c argp_fmtstream_printf dup
++@c odoc dup
++@c argp_fmtstream_puts dup
++@c argp_fmtstream_printf dup
++@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c dgettext dup
++@c filter_doc dup
++@c argp_fmtstream_putc dup
++@c indent_to dup
++@c argp_fmtstream_set_lmargin dup
++@c argp_fmtstream_set_wmargin dup
++@c argp_fmtstream_puts dup
++@c free dup
++@c filter_doc dup
++@c argp_fmtstream_point dup
++@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_point dup
++@c argp_fmtstream_putc dup
++@c dgettext dup
++@c filter_doc dup
++@c argp_fmtstream_putc dup
++@c argp_fmtstream_puts dup
++@c free dup
++@c hol_free asmalloc, memleak
++@c free dup
++@c argp_args_levels ok
++@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
++@c dgettext dup
++@c filter_doc ok
++@c argp_input ok
++@c argp->help_filter
++@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_point dup
++@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
++@c argp_fmtstream_update dup
++@c argp_fmtstream_putc dup
++@c argp_fmtstream_write dup
++@c free dup
++@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c dgettext asi18n
++@c strndup asmalloc, memleak
++@c argp_input dup
++@c argp->help_filter
++@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_ensure dup
++@c argp_fmtstream_write dup
++@c argp_fmtstream_puts dup
++@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
++@c argp_fmtstream_update dup
++@c argp_fmtstream_lmargin dup
++@c free dup
++@c argp_make_fmtstream asmalloc, memleak
++@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
++@c put[w]c_unlocked dup
++@c isblank in loop glocale
++@c fxprintf lockleak
++@c fxprintf lockleak
++@c free dup
++@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
++@c argp_fmtstream_update dup
++@c argp_fmtstream_printf glocale, asmalloc, memleak
++@c argp_fmtstream_ensure dup
++@c vsnprintf dup
++@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
++@c argp_fmtstream_update dup
++@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_update dup
++@c fxprintf lockleak
++@c realloc asmalloc, memleak
+ Outputs a help message for the argp parser referred to by @var{state},
+ to @var{stream}. The @var{flags} argument determines what sort of help
+ message is produced. @xref{Argp Help Flags}.
+@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
++@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
++@c Just calls _help.
+ This outputs a help message for the argp parser @var{argp} to
+ @var{stream}. The type of messages printed will be determined by
+ @var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9c72e170ce965fba178d57de917a65654076047c
commit 9c72e170ce965fba178d57de917a65654076047c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:57:08 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/???.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7e8611dfbf8a75c282b47f6b161e96476686f52e
commit 7e8611dfbf8a75c282b47f6b161e96476686f52e
Merge: 8e11c55 d11da2b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:55:25 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8e11c554371a8a899acb151eef8276c929386ca5
commit 8e11c554371a8a899acb151eef8276c929386ca5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:55:25 2013 -0300
pop
diff --git a/meta b/meta
index 8d20da7..54c22b4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 787273f6143b548e5f11f11b3c3c95fa45db9c4c
-Head: 373cd1281ba686c2fef8b1307137684c40b28058
+Previous: d11da2b66d5e92c15d1fc15f0ea42641d2461e28
+Head: 263eed84f16353fb704fac8338422fb3f7b863fb
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
- manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Unapplied:
+ manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d11da2b66d5e92c15d1fc15f0ea42641d2461e28
commit d11da2b66d5e92c15d1fc15f0ea42641d2461e28
Merge: c10c502 787273f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:55:17 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c10c50214e1269808d0662d71ccd99f3c32d2ce3
commit c10c50214e1269808d0662d71ccd99f3c32d2ce3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:55:17 2013 -0300
push
diff --git a/meta b/meta
index 063172b..8d20da7 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 64199f51a381b4d4b5f7315b70c469e03864f76d
-Head: 263eed84f16353fb704fac8338422fb3f7b863fb
+Previous: 787273f6143b548e5f11f11b3c3c95fa45db9c4c
+Head: 373cd1281ba686c2fef8b1307137684c40b28058
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
-Unapplied:
manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
+Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=787273f6143b548e5f11f11b3c3c95fa45db9c4c
commit 787273f6143b548e5f11f11b3c3c95fa45db9c4c
Merge: 39cc60e 64199f5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:55:16 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=39cc60e0947495e98f5040aa9a7dc30327fec99e
commit 39cc60e0947495e98f5040aa9a7dc30327fec99e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:55:16 2013 -0300
pop
diff --git a/meta b/meta
index 72f3a68..063172b 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 7ba5686bb79cef2c170433c89c68e7575d7668c4
-Head: 373cd1281ba686c2fef8b1307137684c40b28058
+Previous: 64199f51a381b4d4b5f7315b70c469e03864f76d
+Head: 263eed84f16353fb704fac8338422fb3f7b863fb
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
- manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Unapplied:
+ manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=64199f51a381b4d4b5f7315b70c469e03864f76d
commit 64199f51a381b4d4b5f7315b70c469e03864f76d
Merge: 588c9a7 7ba5686
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:51:16 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=588c9a7cd0103760ac51eb8b74b41973dea845a4
commit 588c9a7cd0103760ac51eb8b74b41973dea845a4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:51:16 2013 -0300
push
diff --git a/meta b/meta
index d9759ea..72f3a68 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 08970c2b94024e0d230a0d776f1871063f8e6c88
-Head: 263eed84f16353fb704fac8338422fb3f7b863fb
+Previous: 7ba5686bb79cef2c170433c89c68e7575d7668c4
+Head: 373cd1281ba686c2fef8b1307137684c40b28058
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
-Unapplied:
manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
+Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7ba5686bb79cef2c170433c89c68e7575d7668c4
commit 7ba5686bb79cef2c170433c89c68e7575d7668c4
Merge: 061c868 08970c2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:51:09 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=061c8681a056597b8bbd858c0f4f02319cf9bf9d
commit 061c8681a056597b8bbd858c0f4f02319cf9bf9d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:51:09 2013 -0300
pop
diff --git a/meta b/meta
index 982c922..d9759ea 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 341e0af39e89972732f33b2256ec2fbf58b1e847
-Head: 373cd1281ba686c2fef8b1307137684c40b28058
+Previous: 08970c2b94024e0d230a0d776f1871063f8e6c88
+Head: 263eed84f16353fb704fac8338422fb3f7b863fb
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
- manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Unapplied:
+ manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=08970c2b94024e0d230a0d776f1871063f8e6c88
commit 08970c2b94024e0d230a0d776f1871063f8e6c88
Merge: d313dd8 373cd12 341e0af
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:28 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d313dd81e9656f121dc256f8de0ed9330b50b7d2
commit d313dd81e9656f121dc256f8de0ed9330b50b7d2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:28 2013 -0300
push
diff --git a/meta b/meta
index 8fa23ce..982c922 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 6d47d3e1ad0ad4cbb739a9566bab050b7332879f
-Head: 263eed84f16353fb704fac8338422fb3f7b863fb
+Previous: 341e0af39e89972732f33b2256ec2fbf58b1e847
+Head: 373cd1281ba686c2fef8b1307137684c40b28058
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
+ manual-document-mt-safety-wip.patch: 373cd1281ba686c2fef8b1307137684c40b28058
Unapplied:
- manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/manual-document-mt-safety-wip.patch b/patches/manual-document-mt-safety-wip.patch
index 83ac8f5..403d0e3 100644
--- a/patches/manual-document-mt-safety-wip.patch
+++ b/patches/manual-document-mt-safety-wip.patch
@@ -1,4 +1,4 @@
-Bottom: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
+Bottom: a80e3502e79676408b83a0ee8d2c01161f2e1895
Top: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
@@ -685,330 +685,6 @@ index ef90590..5c9f6f7 100644
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
-diff --git a/manual/ctype.texi b/manual/ctype.texi
-index f05d509..ddf38ce 100644
---- a/manual/ctype.texi
-+++ b/manual/ctype.texi
-@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
- @comment ctype.h
- @comment ISO
- @deftypefun int islower (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c The is* macros call __ctype_b_loc to get the ctype array from the
-+@c current locale, and then index it by c. __ctype_b_loc reads from
-+@c thread-local memory the (indirect) pointer to the ctype array, which
-+@c may involve one word access to the global locale object, if that's
-+@c the active locale for the thread, and the array, being part of the
-+@c locale data, is undeletable, so there's no thread-safety issue.
- Returns true if @var{c} is a lower-case letter. The letter need not be
- from the Latin alphabet, any alphabet representable is valid.
- @end deftypefun
-@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
- @comment ctype.h
- @comment ISO
- @deftypefun int isupper (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is an upper-case letter. The letter need not be
- from the Latin alphabet, any alphabet representable is valid.
- @end deftypefun
-@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
- @comment ctype.h
- @comment ISO
- @deftypefun int isalpha (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is an alphabetic character (a letter). If
- @code{islower} or @code{isupper} is true of a character, then
- @code{isalpha} is also true.
-@@ -97,6 +106,7 @@ additional characters.
- @comment ctype.h
- @comment ISO
- @deftypefun int isdigit (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
- @end deftypefun
-
-@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
- @comment ctype.h
- @comment ISO
- @deftypefun int isalnum (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is an alphanumeric character (a letter or
- number); in other words, if either @code{isalpha} or @code{isdigit} is
- true of a character, then @code{isalnum} is also true.
-@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
- @comment ctype.h
- @comment ISO
- @deftypefun int isxdigit (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a hexadecimal digit.
- Hexadecimal digits include the normal decimal digits @samp{0} through
- @samp{9} and the letters @samp{A} through @samp{F} and
-@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
- @comment ctype.h
- @comment ISO
- @deftypefun int ispunct (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a punctuation character.
- This means any printing character that is not alphanumeric or a space
- character.
-@@ -132,6 +145,7 @@ character.
- @comment ctype.h
- @comment ISO
- @deftypefun int isspace (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a @dfn{whitespace} character. In the standard
- @code{"C"} locale, @code{isspace} returns true for only the standard
- whitespace characters:
-@@ -161,6 +175,7 @@ vertical tab
- @comment ctype.h
- @comment ISO
- @deftypefun int isblank (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a blank character; that is, a space or a tab.
- This function was originally a GNU extension, but was added in @w{ISO C99}.
- @end deftypefun
-@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
- @comment ctype.h
- @comment ISO
- @deftypefun int isgraph (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a graphic character; that is, a character
- that has a glyph associated with it. The whitespace characters are not
- considered graphic.
-@@ -178,6 +194,7 @@ considered graphic.
- @comment ctype.h
- @comment ISO
- @deftypefun int isprint (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a printing character. Printing characters
- include all the graphic characters, plus the space (@samp{ }) character.
- @end deftypefun
-@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
- @comment ctype.h
- @comment ISO
- @deftypefun int iscntrl (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a control character (that is, a character that
- is not a printing character).
- @end deftypefun
-@@ -194,6 +212,7 @@ is not a printing character).
- @comment ctype.h
- @comment SVID, BSD
- @deftypefun int isascii (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
- into the US/UK ASCII character set. This function is a BSD extension
- and is also an SVID extension.
-@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
- @comment ctype.h
- @comment ISO
- @deftypefun int tolower (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c The to* macros/functions call different functions that use different
-+@c arrays than those of__ctype_b_loc, but the access patterns and
-+@c thus safety guarantees are the same.
- If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
- lower-case letter. If @var{c} is not an upper-case letter,
- @var{c} is returned unchanged.
-@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
- @comment ctype.h
- @comment ISO
- @deftypefun int toupper (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
- upper-case letter. Otherwise @var{c} is returned unchanged.
- @end deftypefun
-@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
- @comment ctype.h
- @comment SVID, BSD
- @deftypefun int toascii (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function converts @var{c} to a 7-bit @code{unsigned char} value
- that fits into the US/UK ASCII character set, by clearing the high-order
- bits. This function is a BSD extension and is also an SVID extension.
-@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
- @comment ctype.h
- @comment SVID
- @deftypefun int _tolower (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is identical to @code{tolower}, and is provided for compatibility
- with the SVID. @xref{SVID}.@refill
- @end deftypefun
-@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
- @comment ctype.h
- @comment SVID
- @deftypefun int _toupper (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is identical to @code{toupper}, and is provided for compatibility
- with the SVID.
- @end deftypefun
-@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wctype_t wctype (const char *@var{property})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
-+@c Although the source code of wctype contains multiple references to
-+@c the locale, that could each reference different locale_data objects
-+@c should the global locale object change while active, the compiler can
-+@c and does combine them all into a single dereference that resolves
-+@c once to the LCTYPE locale object used throughout the function, so it
-+@c is safe in practice, if not in theory. Ideally we'd explicitly save
-+@c the resolved locale_data object to make it visibly safe instead of
-+@c safe only under compiler optimizations.
- The @code{wctype} returns a value representing a class of wide
- characters which is identified by the string @var{property}. Beside
- some standard properties each locale can define its own ones. In case
-@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c The compressed lookup table returned by wctype is read-only.
- This function returns a nonzero value if @var{wc} is in the character
- class specified by @var{desc}. @var{desc} must previously be returned
- by a successful call to @code{wctype}.
-@@ -350,6 +388,15 @@ standard classes.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswalnum (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
-+@c The implicit wctype call in the isw* functions is actually an
-+@c optimized version because the category has a known offset, but the
-+@c wctype is equally safe when optimized, unsafe if not optimized.
-+@c Since it's not a macro, and we always optimize, it's fine. The test
-+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
-+@c bring any other safety issues: the test does not depend on the
-+@c locale, and each path after the decision resolves the locale object
-+@c only once.
- This function returns a nonzero value if @var{wc} is an alphanumeric
- character (a letter or number); in other words, if either @code{iswalpha}
- or @code{iswdigit} is true of a character, then @code{iswalnum} is also
-@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswalpha (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is an alphabetic character (a letter). If
- @code{iswlower} or @code{iswupper} is true of a character, then
- @code{iswalpha} is also true.
-@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswcntrl (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a control character (that is, a character that
- is not a printing character).
-
-@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswdigit (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
- Please note that this function does not only return a nonzero value for
- @emph{decimal} digits, but for all kinds of digits. A consequence is
-@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswgraph (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a graphic character; that is, a character
- that has a glyph associated with it. The whitespace characters are not
- considered graphic.
-@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
- @comment ctype.h
- @comment ISO
- @deftypefun int iswlower (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a lower-case letter. The letter need not be
- from the Latin alphabet, any alphabet representable is valid.
-
-@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswprint (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a printing character. Printing characters
- include all the graphic characters, plus the space (@samp{ }) character.
-
-@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswpunct (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a punctuation character.
- This means any printing character that is not alphanumeric or a space
- character.
-@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswspace (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
- @code{"C"} locale, @code{iswspace} returns true for only the standard
- whitespace characters:
-@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswupper (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is an upper-case letter. The letter need not be
- from the Latin alphabet, any alphabet representable is valid.
-
-@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswxdigit (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a hexadecimal digit.
- Hexadecimal digits include the normal decimal digits @samp{0} through
- @samp{9} and the letters @samp{A} through @samp{F} and
-@@ -597,6 +654,7 @@ characters as well.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswblank (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a blank character; that is, a space or a tab.
- This function was originally a GNU extension, but was added in @w{ISO C99}.
- It is declared in @file{wchar.h}.
-@@ -691,7 +749,8 @@ This type is defined in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wctrans_t wctrans (const char *@var{property})
--@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
-+@c Similar implementation, same caveats as wctype.
- The @code{wctrans} function has to be used to find out whether a named
- mapping is defined in the current locale selected for the
- @code{LC_CTYPE} category. If the returned value is non-zero, you can use
-@@ -714,7 +773,8 @@ These functions are declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
--@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Same caveats as iswctype.
- @code{towctrans} maps the input character @var{wc}
- according to the rules of the mapping for which @var{desc} is a
- descriptor, and returns the value it finds. @var{desc} must be
-@@ -732,6 +792,9 @@ for them.
- @comment wctype.h
- @comment ISO
- @deftypefun wint_t towlower (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
-+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
-+@c table.
- If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
- lower-case letter. If @var{wc} is not an upper-case letter,
- @var{wc} is returned unchanged.
-@@ -751,6 +814,7 @@ This function is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wint_t towupper (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
- upper-case letter. Otherwise @var{wc} is returned unchanged.
-
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=373cd1281ba686c2fef8b1307137684c40b28058
commit 373cd1281ba686c2fef8b1307137684c40b28058
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/???.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
diff --git a/manual/arith.texi b/manual/arith.texi
index 833e0c9..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -323,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -359,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -373,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -384,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -395,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -2443,6 +2448,32 @@ as well.
@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..2244025 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
diff --git a/manual/intro.texi b/manual/intro.texi
index 2630a77..e47832c 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -262,6 +262,28 @@ if the effective thread-local locale is not the global locale object
@code{setlocale} should not be called while these functions are active.
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
@item @code{uunguard}
@cindex uunguard
@@ -291,6 +313,42 @@ AS-Safe behavior, callers must ensure that the objects passed in are not
modified concurrently by other threads or signal handlers.
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
@end itemize
@@ -305,11 +363,37 @@ as follows:
Functions annotated with @code{staticbuf} use internal static buffers or
variables in ways that may cause concurrent calls to interfere
-destructively.
+destructively.
These functions are all MT-Unsafe and AC-Unsafe. However, many of them
offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
@item @code{fdleak}
@cindex fdleak
@@ -390,9 +474,8 @@ For the reasons above, functions that leak locks are all AC-Unsafe.
Functions marked with @code{selfdeadlock} take a non-recursive lock to
ensure MT-Safety while modifying data structures guarded by the lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the result is a deadlock.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid a deadlock if any signal handler might need
@@ -406,10 +489,9 @@ Functions marked with @code{asynconsist} take a recursive lock to ensure
MT-Safety while accessing or modifying data structures guarded by the
lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the latter function may observe a partially updated,
-inconsistent data structure, and misbehave.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid the misbehavior that may ensue if any signal
@@ -444,6 +526,21 @@ Disabling asynchronous cancelation while calling such functions is the
only safe way to avoid the misbehavior that may ensure if the thread is
canceled while the function is running.
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
@item @code{simfpu}
@cindex simfpu
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
diff --git a/manual/locale.texi b/manual/locale.texi
index 323268d..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
-@safety{@mtunsafe{uunguard}}
-@c This function is MT-Safe, but uses of the global locale object are
-@c unguarded in functions that ought to be MT-Safe, so we're ruling out
-@c the use of this function once threads are started.
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 7809dd4..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -267,7 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
@c After fclose, it is undefined behavior to use the stream it points
@c to. Therefore, one must only call fclose when the stream is
@c otherwise unused. Concurrent uses started before will complete
@@ -2662,6 +2662,42 @@ pointer @var{ap}.
@c case of cancellation. This doesn't make it unsafe, but cancelling it
@c may leak memory. The unguarded use of __printf_function_table is
@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
@c bringing with it additional potential for async trouble with
@c list_all_lock.
@@ -5076,7 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
-@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -5192,7 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=341e0af39e89972732f33b2256ec2fbf58b1e847
commit 341e0af39e89972732f33b2256ec2fbf58b1e847
Merge: 22369f6 6d47d3e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:24 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=22369f6227522e2f4407b9abce208678d6b25c56
commit 22369f6227522e2f4407b9abce208678d6b25c56
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:24 2013 -0300
rename
diff --git a/meta b/meta
index 17b9635..8fa23ce 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 0b75a41fcc67c6881f3b617255ab07bf329d5cac
+Previous: 6d47d3e1ad0ad4cbb739a9566bab050b7332879f
Head: 263eed84f16353fb704fac8338422fb3f7b863fb
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
@@ -9,7 +9,7 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- thread-safety-documentation: 263eed84f16353fb704fac8338422fb3f7b863fb
+ manual-document-mt-safety-ctype.patch: 263eed84f16353fb704fac8338422fb3f7b863fb
Unapplied:
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/thread-safety-documentation b/patches/manual-document-mt-safety-ctype.patch
similarity index 100%
rename from patches/thread-safety-documentation
rename to patches/manual-document-mt-safety-ctype.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=263eed84f16353fb704fac8338422fb3f7b863fb
commit 263eed84f16353fb704fac8338422fb3f7b863fb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=6d47d3e1ad0ad4cbb739a9566bab050b7332879f
commit 6d47d3e1ad0ad4cbb739a9566bab050b7332879f
Merge: bd16efa 263eed8 0b75a41
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:20 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=bd16efad2e7d1525257f2187add8a7387b61ec3a
commit bd16efad2e7d1525257f2187add8a7387b61ec3a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:20 2013 -0300
push
diff --git a/meta b/meta
index b6d3dfd..17b9635 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 94bcb95c7761ccb5002d8edda88363348254fc9b
-Head: edeb8dbee9aa4cdef77764287545e16903acea6d
+Previous: 0b75a41fcc67c6881f3b617255ab07bf329d5cac
+Head: 263eed84f16353fb704fac8338422fb3f7b863fb
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -9,7 +9,7 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
+ thread-safety-documentation: 263eed84f16353fb704fac8338422fb3f7b863fb
Unapplied:
- thread-safety-documentation: 037925e5b8ba3712e9e445a6aa776f239cf442d6
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0b75a41fcc67c6881f3b617255ab07bf329d5cac
commit 0b75a41fcc67c6881f3b617255ab07bf329d5cac
Merge: 7d52af6 94bcb95
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:17 2013 -0300
delete
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7d52af62bb639f5544bca7e8b69d8f3345c62534
commit 7d52af62bb639f5544bca7e8b69d8f3345c62534
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:17 2013 -0300
delete
diff --git a/meta b/meta
index a644764..b6d3dfd 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 21f52a44eea40f61c3498a5656d52bdcd2dec5a3
+Previous: 94bcb95c7761ccb5002d8edda88363348254fc9b
Head: edeb8dbee9aa4cdef77764287545e16903acea6d
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
@@ -10,7 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
Unapplied:
- manual-document-mt-safety-ctype.patch: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
thread-safety-documentation: 037925e5b8ba3712e9e445a6aa776f239cf442d6
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
deleted file mode 100644
index 2a75975..0000000
--- a/patches/manual-document-mt-safety-ctype.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Bottom: 493d959bda4db41836ea91b2b9685b47ab733575
-Top: 493d959bda4db41836ea91b2b9685b47ab733575
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 15:29:41 -0300
-
-Thread safety documentation.
-
-for ChangeLog
-
- * manual/ctype.texi: Document thread safety properties.
-
-
----
-
-
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=94bcb95c7761ccb5002d8edda88363348254fc9b
commit 94bcb95c7761ccb5002d8edda88363348254fc9b
Merge: b8254dd 21f52a4
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:13 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b8254dd65ab141ad4ff97a3ef57353bcd6128cc1
commit b8254dd65ab141ad4ff97a3ef57353bcd6128cc1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:13 2013 -0300
pop
diff --git a/meta b/meta
index 36e927d..a644764 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 01ba6509e76c37c53f223aa41a356f828ae95dd9
-Head: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
+Previous: 21f52a44eea40f61c3498a5656d52bdcd2dec5a3
+Head: edeb8dbee9aa4cdef77764287545e16903acea6d
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -9,8 +9,8 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- manual-document-mt-safety-ctype.patch: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
Unapplied:
+ manual-document-mt-safety-ctype.patch: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
thread-safety-documentation: 037925e5b8ba3712e9e445a6aa776f239cf442d6
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=21f52a44eea40f61c3498a5656d52bdcd2dec5a3
commit 21f52a44eea40f61c3498a5656d52bdcd2dec5a3
Merge: ca3235f 01ba650
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:11 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ca3235f0c5bc0ab96bb1731e5330d87e7ffc3ba0
commit ca3235f0c5bc0ab96bb1731e5330d87e7ffc3ba0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:50:11 2013 -0300
pop
diff --git a/meta b/meta
index 9037bb4..36e927d 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b204cd705feb2a980347509a610cf2c69c94d0c4
-Head: 037925e5b8ba3712e9e445a6aa776f239cf442d6
+Previous: 01ba6509e76c37c53f223aa41a356f828ae95dd9
+Head: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,7 +10,7 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
- thread-safety-documentation: 037925e5b8ba3712e9e445a6aa776f239cf442d6
Unapplied:
+ thread-safety-documentation: 037925e5b8ba3712e9e445a6aa776f239cf442d6
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=01ba6509e76c37c53f223aa41a356f828ae95dd9
commit 01ba6509e76c37c53f223aa41a356f828ae95dd9
Merge: b990842 b204cd7 037925e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:34 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b990842c0048131094b4c998a42878d030656563
commit b990842c0048131094b4c998a42878d030656563
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:34 2013 -0300
push
diff --git a/meta b/meta
index bda615a..9037bb4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: d23f7c10ca80160c18a6244ffd6bb1063ee0fdc4
-Head: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
+Previous: b204cd705feb2a980347509a610cf2c69c94d0c4
+Head: 037925e5b8ba3712e9e445a6aa776f239cf442d6
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,7 +10,7 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
+ thread-safety-documentation: 037925e5b8ba3712e9e445a6aa776f239cf442d6
Unapplied:
- thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=037925e5b8ba3712e9e445a6aa776f239cf442d6
commit 037925e5b8ba3712e9e445a6aa776f239cf442d6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b204cd705feb2a980347509a610cf2c69c94d0c4
commit b204cd705feb2a980347509a610cf2c69c94d0c4
Merge: 93ded1a d23f7c1 c4d8656
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:29 2013 -0300
float
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=93ded1a7958ba004b87ebe83c131cd7b4596fe27
commit 93ded1a7958ba004b87ebe83c131cd7b4596fe27
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:29 2013 -0300
float
diff --git a/meta b/meta
index e19bd6a..bda615a 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: ded1cbad68c823f7e5a5fb954335efc3deea5099
-Head: edeb8dbee9aa4cdef77764287545e16903acea6d
+Previous: d23f7c10ca80160c18a6244ffd6bb1063ee0fdc4
+Head: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -9,8 +9,8 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
+ manual-document-mt-safety-ctype.patch: c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
Unapplied:
thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
- manual-document-mt-safety-ctype.patch: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index 81dc143..2a75975 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: a80e3502e79676408b83a0ee8d2c01161f2e1895
-Top: a80e3502e79676408b83a0ee8d2c01161f2e1895
+Bottom: 493d959bda4db41836ea91b2b9685b47ab733575
+Top: 493d959bda4db41836ea91b2b9685b47ab733575
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
commit c4d86565aa8b23d5d5bbf14be5a4de9e3becd01c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d23f7c10ca80160c18a6244ffd6bb1063ee0fdc4
commit d23f7c10ca80160c18a6244ffd6bb1063ee0fdc4
Merge: 9be9722 ded1cba
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:22 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9be97221622fd917db1c217b6ca09f5005021d33
commit 9be97221622fd917db1c217b6ca09f5005021d33
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:22 2013 -0300
pop
diff --git a/meta b/meta
index aa02944..e19bd6a 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 1f8aef10fb0532c119933b7180448195cae41286
-Head: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
+Previous: ded1cbad68c823f7e5a5fb954335efc3deea5099
+Head: edeb8dbee9aa4cdef77764287545e16903acea6d
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -9,8 +9,8 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
Unapplied:
+ thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
manual-document-mt-safety-ctype.patch: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ded1cbad68c823f7e5a5fb954335efc3deea5099
commit ded1cbad68c823f7e5a5fb954335efc3deea5099
Merge: 8c29027 1f8aef1
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:19 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8c29027c5903c5b06b3b047951e446c8323a5231
commit 8c29027c5903c5b06b3b047951e446c8323a5231
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:19 2013 -0300
pop
diff --git a/meta b/meta
index 7678427..aa02944 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 42127c6adf6b3fb40b817039381af0c76d6cd909
-Head: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
+Previous: 1f8aef10fb0532c119933b7180448195cae41286
+Head: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,7 +10,7 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
- manual-document-mt-safety-ctype.patch: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
Unapplied:
+ manual-document-mt-safety-ctype.patch: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1f8aef10fb0532c119933b7180448195cae41286
commit 1f8aef10fb0532c119933b7180448195cae41286
Merge: 13a2bc4 42127c6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:04 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=13a2bc492778d981dd7a1abc62b99bcea4155bad
commit 13a2bc492778d981dd7a1abc62b99bcea4155bad
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:04 2013 -0300
refresh
diff --git a/meta b/meta
index 2805221..7678427 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 90cb66ac53976afa5ea21d24129a11802391cef4
-Head: da0b8049fb1c9a2e5ab1163bbc2af928add275a3
+Previous: 42127c6adf6b3fb40b817039381af0c76d6cd909
+Head: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -11,7 +11,6 @@ Applied:
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
manual-document-mt-safety-ctype.patch: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
- refresh-temp: da0b8049fb1c9a2e5ab1163bbc2af928add275a3
Unapplied:
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index a9314fd..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,10 +0,0 @@
-Bottom: a80e3502e79676408b83a0ee8d2c01161f2e1895
-Top: a80e3502e79676408b83a0ee8d2c01161f2e1895
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 21:49:03 -0300
-
-Refresh of manual-document-mt-safety-ctype.patch
-
----
-
-
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=42127c6adf6b3fb40b817039381af0c76d6cd909
commit 42127c6adf6b3fb40b817039381af0c76d6cd909
Merge: 35ad4eb da0b804 90cb66a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:04 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=35ad4ebdd4491aadf7c92045a079db207b038d65
commit 35ad4ebdd4491aadf7c92045a079db207b038d65
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:04 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index f235c98..2805221 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: d8fff601b7c4051337384975bb7fdbd1c076b15b
-Head: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
+Previous: 90cb66ac53976afa5ea21d24129a11802391cef4
+Head: da0b8049fb1c9a2e5ab1163bbc2af928add275a3
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -11,6 +11,7 @@ Applied:
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
manual-document-mt-safety-ctype.patch: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
+ refresh-temp: da0b8049fb1c9a2e5ab1163bbc2af928add275a3
Unapplied:
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..a9314fd
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,10 @@
+Bottom: a80e3502e79676408b83a0ee8d2c01161f2e1895
+Top: a80e3502e79676408b83a0ee8d2c01161f2e1895
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 21:49:03 -0300
+
+Refresh of manual-document-mt-safety-ctype.patch
+
+---
+
+
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=da0b8049fb1c9a2e5ab1163bbc2af928add275a3
commit da0b8049fb1c9a2e5ab1163bbc2af928add275a3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:49:03 2013 -0300
Refresh of manual-document-mt-safety-ctype.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=90cb66ac53976afa5ea21d24129a11802391cef4
commit 90cb66ac53976afa5ea21d24129a11802391cef4
Merge: eb807d7 d8fff60 4b596f7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:48:22 2013 -0300
push (CONFLICT)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=eb807d7e094a4927569dbd237278a0319b1cab1a
commit eb807d7e094a4927569dbd237278a0319b1cab1a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:48:22 2013 -0300
push (CONFLICT)
diff --git a/meta b/meta
index 72174f4..f235c98 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 5287c793843e946fd2f478b0a2785249cc640f9c
-Head: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
+Previous: d8fff601b7c4051337384975bb7fdbd1c076b15b
+Head: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,7 +10,7 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
+ manual-document-mt-safety-ctype.patch: 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
Unapplied:
- manual-document-mt-safety-ctype.patch: b1da9d49b81e23d658de4369181599c33e3acd9e
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index 40dba95..81dc143 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
-Bottom: 493d959bda4db41836ea91b2b9685b47ab733575
-Top: eb7c2702254befc63994aae3ba24a286ee829464
+Bottom: a80e3502e79676408b83a0ee8d2c01161f2e1895
+Top: a80e3502e79676408b83a0ee8d2c01161f2e1895
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
@@ -12,779 +12,4 @@ for ChangeLog
---
-diff --git a/manual/ctype.texi b/manual/ctype.texi
-deleted file mode 100644
-index 3d13571..0000000
---- a/manual/ctype.texi
-+++ /dev/null
-@@ -1,770 +0,0 @@
--@node Character Handling, String and Array Utilities, Memory, Top
--@c %MENU% Character testing and conversion functions
--@chapter Character Handling
--
--Programs that work with characters and strings often need to classify a
--character---is it alphabetic, is it a digit, is it whitespace, and so
--on---and perform case conversion operations on characters. The
--functions in the header file @file{ctype.h} are provided for this
--purpose.
--@pindex ctype.h
--
--Since the choice of locale and character set can alter the
--classifications of particular character codes, all of these functions
--are affected by the current locale. (More precisely, they are affected
--by the locale currently selected for character classification---the
--@code{LC_CTYPE} category; see @ref{Locale Categories}.)
--
--The @w{ISO C} standard specifies two different sets of functions. The
--one set works on @code{char} type characters, the other one on
--@code{wchar_t} wide characters (@pxref{Extended Char Intro}).
--
--@menu
--* Classification of Characters:: Testing whether characters are
-- letters, digits, punctuation, etc.
--
--* Case Conversion:: Case mapping, and the like.
--* Classification of Wide Characters:: Character class determination for
-- wide characters.
--* Using Wide Char Classes:: Notes on using the wide character
-- classes.
--* Wide Character Case Conversion:: Mapping of wide characters.
--@end menu
--
--@node Classification of Characters, Case Conversion, , Character Handling
--@section Classification of Characters
--@cindex character testing
--@cindex classification of characters
--@cindex predicates on characters
--@cindex character predicates
--
--This section explains the library functions for classifying characters.
--For example, @code{isalpha} is the function to test for an alphabetic
--character. It takes one argument, the character to test, and returns a
--nonzero integer if the character is alphabetic, and zero otherwise. You
--would use it like this:
--
--@smallexample
--if (isalpha (c))
-- printf ("The character `%c' is alphabetic.\n", c);
--@end smallexample
--
--Each of the functions in this section tests for membership in a
--particular class of characters; each has a name starting with @samp{is}.
--Each of them takes one argument, which is a character to test, and
--returns an @code{int} which is treated as a boolean value. The
--character argument is passed as an @code{int}, and it may be the
--constant value @code{EOF} instead of a real character.
--
--The attributes of any given character can vary between locales.
--@xref{Locales}, for more information on locales.@refill
--
--These functions are declared in the header file @file{ctype.h}.
--@pindex ctype.h
--
--@cindex lower-case character
--@comment ctype.h
--@comment ISO
--@deftypefun int islower (int @var{c})
--Returns true if @var{c} is a lower-case letter. The letter need not be
--from the Latin alphabet, any alphabet representable is valid.
--@end deftypefun
--
--@cindex upper-case character
--@comment ctype.h
--@comment ISO
--@deftypefun int isupper (int @var{c})
--Returns true if @var{c} is an upper-case letter. The letter need not be
--from the Latin alphabet, any alphabet representable is valid.
--@end deftypefun
--
--@cindex alphabetic character
--@comment ctype.h
--@comment ISO
--@deftypefun int isalpha (int @var{c})
--Returns true if @var{c} is an alphabetic character (a letter). If
--@code{islower} or @code{isupper} is true of a character, then
--@code{isalpha} is also true.
--
--In some locales, there may be additional characters for which
--@code{isalpha} is true---letters which are neither upper case nor lower
--case. But in the standard @code{"C"} locale, there are no such
--additional characters.
--@end deftypefun
--
--@cindex digit character
--@cindex decimal digit character
--@comment ctype.h
--@comment ISO
--@deftypefun int isdigit (int @var{c})
--Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
--@end deftypefun
--
--@cindex alphanumeric character
--@comment ctype.h
--@comment ISO
--@deftypefun int isalnum (int @var{c})
--Returns true if @var{c} is an alphanumeric character (a letter or
--number); in other words, if either @code{isalpha} or @code{isdigit} is
--true of a character, then @code{isalnum} is also true.
--@end deftypefun
--
--@cindex hexadecimal digit character
--@comment ctype.h
--@comment ISO
--@deftypefun int isxdigit (int @var{c})
--Returns true if @var{c} is a hexadecimal digit.
--Hexadecimal digits include the normal decimal digits @samp{0} through
--@samp{9} and the letters @samp{A} through @samp{F} and
--@samp{a} through @samp{f}.
--@end deftypefun
--
--@cindex punctuation character
--@comment ctype.h
--@comment ISO
--@deftypefun int ispunct (int @var{c})
--Returns true if @var{c} is a punctuation character.
--This means any printing character that is not alphanumeric or a space
--character.
--@end deftypefun
--
--@cindex whitespace character
--@comment ctype.h
--@comment ISO
--@deftypefun int isspace (int @var{c})
--Returns true if @var{c} is a @dfn{whitespace} character. In the standard
--@code{"C"} locale, @code{isspace} returns true for only the standard
--whitespace characters:
--
--@table @code
--@item ' '
--space
--
--@item '\f'
--formfeed
--
--@item '\n'
--newline
--
--@item '\r'
--carriage return
--
--@item '\t'
--horizontal tab
--
--@item '\v'
--vertical tab
--@end table
--@end deftypefun
--
--@cindex blank character
--@comment ctype.h
--@comment ISO
--@deftypefun int isblank (int @var{c})
--Returns true if @var{c} is a blank character; that is, a space or a tab.
--This function was originally a GNU extension, but was added in @w{ISO C99}.
--@end deftypefun
--
--@cindex graphic character
--@comment ctype.h
--@comment ISO
--@deftypefun int isgraph (int @var{c})
--Returns true if @var{c} is a graphic character; that is, a character
--that has a glyph associated with it. The whitespace characters are not
--considered graphic.
--@end deftypefun
--
--@cindex printing character
--@comment ctype.h
--@comment ISO
--@deftypefun int isprint (int @var{c})
--Returns true if @var{c} is a printing character. Printing characters
--include all the graphic characters, plus the space (@samp{ }) character.
--@end deftypefun
--
--@cindex control character
--@comment ctype.h
--@comment ISO
--@deftypefun int iscntrl (int @var{c})
--Returns true if @var{c} is a control character (that is, a character that
--is not a printing character).
--@end deftypefun
--
--@cindex ASCII character
--@comment ctype.h
--@comment SVID, BSD
--@deftypefun int isascii (int @var{c})
--Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
--into the US/UK ASCII character set. This function is a BSD extension
--and is also an SVID extension.
--@end deftypefun
--
--@node Case Conversion, Classification of Wide Characters, Classification of Characters, Character Handling
--@section Case Conversion
--@cindex character case conversion
--@cindex case conversion of characters
--@cindex converting case of characters
--
--This section explains the library functions for performing conversions
--such as case mappings on characters. For example, @code{toupper}
--converts any character to upper case if possible. If the character
--can't be converted, @code{toupper} returns it unchanged.
--
--These functions take one argument of type @code{int}, which is the
--character to convert, and return the converted character as an
--@code{int}. If the conversion is not applicable to the argument given,
--the argument is returned unchanged.
--
--@strong{Compatibility Note:} In pre-@w{ISO C} dialects, instead of
--returning the argument unchanged, these functions may fail when the
--argument is not suitable for the conversion. Thus for portability, you
--may need to write @code{islower(c) ? toupper(c) : c} rather than just
--@code{toupper(c)}.
--
--These functions are declared in the header file @file{ctype.h}.
--@pindex ctype.h
--
--@comment ctype.h
--@comment ISO
--@deftypefun int tolower (int @var{c})
--If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
--lower-case letter. If @var{c} is not an upper-case letter,
--@var{c} is returned unchanged.
--@end deftypefun
--
--@comment ctype.h
--@comment ISO
--@deftypefun int toupper (int @var{c})
--If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
--upper-case letter. Otherwise @var{c} is returned unchanged.
--@end deftypefun
--
--@comment ctype.h
--@comment SVID, BSD
--@deftypefun int toascii (int @var{c})
--This function converts @var{c} to a 7-bit @code{unsigned char} value
--that fits into the US/UK ASCII character set, by clearing the high-order
--bits. This function is a BSD extension and is also an SVID extension.
--@end deftypefun
--
--@comment ctype.h
--@comment SVID
--@deftypefun int _tolower (int @var{c})
--This is identical to @code{tolower}, and is provided for compatibility
--with the SVID. @xref{SVID}.@refill
--@end deftypefun
--
--@comment ctype.h
--@comment SVID
--@deftypefun int _toupper (int @var{c})
--This is identical to @code{toupper}, and is provided for compatibility
--with the SVID.
--@end deftypefun
--
--
--@node Classification of Wide Characters, Using Wide Char Classes, Case Conversion, Character Handling
--@section Character class determination for wide characters
--
--@w{Amendment 1} to @w{ISO C90} defines functions to classify wide
--characters. Although the original @w{ISO C90} standard already defined
--the type @code{wchar_t}, no functions operating on them were defined.
--
--The general design of the classification functions for wide characters
--is more general. It allows extensions to the set of available
--classifications, beyond those which are always available. The POSIX
--standard specifies how extensions can be made, and this is already
--implemented in the @glibcadj{} implementation of the @code{localedef}
--program.
--
--The character class functions are normally implemented with bitsets,
--with a bitset per character. For a given character, the appropriate
--bitset is read from a table and a test is performed as to whether a
--certain bit is set. Which bit is tested for is determined by the
--class.
--
--For the wide character classification functions this is made visible.
--There is a type classification type defined, a function to retrieve this
--value for a given class, and a function to test whether a given
--character is in this class, using the classification value. On top of
--this the normal character classification functions as used for
--@code{char} objects can be defined.
--
--@comment wctype.h
--@comment ISO
--@deftp {Data type} wctype_t
--The @code{wctype_t} can hold a value which represents a character class.
--The only defined way to generate such a value is by using the
--@code{wctype} function.
--
--@pindex wctype.h
--This type is defined in @file{wctype.h}.
--@end deftp
--
--@comment wctype.h
--@comment ISO
--@deftypefun wctype_t wctype (const char *@var{property})
--The @code{wctype} returns a value representing a class of wide
--characters which is identified by the string @var{property}. Beside
--some standard properties each locale can define its own ones. In case
--no property with the given name is known for the current locale
--selected for the @code{LC_CTYPE} category, the function returns zero.
--
--@noindent
--The properties known in every locale are:
--
--@multitable @columnfractions .25 .25 .25 .25
--@item
--@code{"alnum"} @tab @code{"alpha"} @tab @code{"cntrl"} @tab @code{"digit"}
--@item
--@code{"graph"} @tab @code{"lower"} @tab @code{"print"} @tab @code{"punct"}
--@item
--@code{"space"} @tab @code{"upper"} @tab @code{"xdigit"}
--@end multitable
--
--@pindex wctype.h
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--To test the membership of a character to one of the non-standard classes
--the @w{ISO C} standard defines a completely new function.
--
--@comment wctype.h
--@comment ISO
--@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
--This function returns a nonzero value if @var{wc} is in the character
--class specified by @var{desc}. @var{desc} must previously be returned
--by a successful call to @code{wctype}.
--
--@pindex wctype.h
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--To make it easier to use the commonly-used classification functions,
--they are defined in the C library. There is no need to use
--@code{wctype} if the property string is one of the known character
--classes. In some situations it is desirable to construct the property
--strings, and then it is important that @code{wctype} can also handle the
--standard classes.
--
--@cindex alphanumeric character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswalnum (wint_t @var{wc})
--This function returns a nonzero value if @var{wc} is an alphanumeric
--character (a letter or number); in other words, if either @code{iswalpha}
--or @code{iswdigit} is true of a character, then @code{iswalnum} is also
--true.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("alnum"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex alphabetic character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswalpha (wint_t @var{wc})
--Returns true if @var{wc} is an alphabetic character (a letter). If
--@code{iswlower} or @code{iswupper} is true of a character, then
--@code{iswalpha} is also true.
--
--In some locales, there may be additional characters for which
--@code{iswalpha} is true---letters which are neither upper case nor lower
--case. But in the standard @code{"C"} locale, there are no such
--additional characters.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("alpha"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex control character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswcntrl (wint_t @var{wc})
--Returns true if @var{wc} is a control character (that is, a character that
--is not a printing character).
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("cntrl"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex digit character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswdigit (wint_t @var{wc})
--Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
--Please note that this function does not only return a nonzero value for
--@emph{decimal} digits, but for all kinds of digits. A consequence is
--that code like the following will @strong{not} work unconditionally for
--wide characters:
--
--@smallexample
--n = 0;
--while (iswdigit (*wc))
-- @{
-- n *= 10;
-- n += *wc++ - L'0';
-- @}
--@end smallexample
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("digit"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex graphic character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswgraph (wint_t @var{wc})
--Returns true if @var{wc} is a graphic character; that is, a character
--that has a glyph associated with it. The whitespace characters are not
--considered graphic.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("graph"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex lower-case character
--@comment ctype.h
--@comment ISO
--@deftypefun int iswlower (wint_t @var{wc})
--Returns true if @var{wc} is a lower-case letter. The letter need not be
--from the Latin alphabet, any alphabet representable is valid.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("lower"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex printing character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswprint (wint_t @var{wc})
--Returns true if @var{wc} is a printing character. Printing characters
--include all the graphic characters, plus the space (@samp{ }) character.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("print"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex punctuation character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswpunct (wint_t @var{wc})
--Returns true if @var{wc} is a punctuation character.
--This means any printing character that is not alphanumeric or a space
--character.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("punct"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex whitespace character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswspace (wint_t @var{wc})
--Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
--@code{"C"} locale, @code{iswspace} returns true for only the standard
--whitespace characters:
--
--@table @code
--@item L' '
--space
--
--@item L'\f'
--formfeed
--
--@item L'\n'
--newline
--
--@item L'\r'
--carriage return
--
--@item L'\t'
--horizontal tab
--
--@item L'\v'
--vertical tab
--@end table
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("space"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex upper-case character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswupper (wint_t @var{wc})
--Returns true if @var{wc} is an upper-case letter. The letter need not be
--from the Latin alphabet, any alphabet representable is valid.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("upper"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex hexadecimal digit character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswxdigit (wint_t @var{wc})
--Returns true if @var{wc} is a hexadecimal digit.
--Hexadecimal digits include the normal decimal digits @samp{0} through
--@samp{9} and the letters @samp{A} through @samp{F} and
--@samp{a} through @samp{f}.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("xdigit"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@Theglibc{} also provides a function which is not defined in the
--@w{ISO C} standard but which is available as a version for single byte
--characters as well.
--
--@cindex blank character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswblank (wint_t @var{wc})
--Returns true if @var{wc} is a blank character; that is, a space or a tab.
--This function was originally a GNU extension, but was added in @w{ISO C99}.
--It is declared in @file{wchar.h}.
--@end deftypefun
--
--@node Using Wide Char Classes, Wide Character Case Conversion, Classification of Wide Characters, Character Handling
--@section Notes on using the wide character classes
--
--The first note is probably not astonishing but still occasionally a
--cause of problems. The @code{isw@var{XXX}} functions can be implemented
--using macros and in fact, @theglibc{} does this. They are still
--available as real functions but when the @file{wctype.h} header is
--included the macros will be used. This is the same as the
--@code{char} type versions of these functions.
--
--The second note covers something new. It can be best illustrated by a
--(real-world) example. The first piece of code is an excerpt from the
--original code. It is truncated a bit but the intention should be clear.
--
--@smallexample
--int
--is_in_class (int c, const char *class)
--@{
-- if (strcmp (class, "alnum") == 0)
-- return isalnum (c);
-- if (strcmp (class, "alpha") == 0)
-- return isalpha (c);
-- if (strcmp (class, "cntrl") == 0)
-- return iscntrl (c);
-- @dots{}
-- return 0;
--@}
--@end smallexample
--
--Now, with the @code{wctype} and @code{iswctype} you can avoid the
--@code{if} cascades, but rewriting the code as follows is wrong:
--
--@smallexample
--int
--is_in_class (int c, const char *class)
--@{
-- wctype_t desc = wctype (class);
-- return desc ? iswctype ((wint_t) c, desc) : 0;
--@}
--@end smallexample
--
--The problem is that it is not guaranteed that the wide character
--representation of a single-byte character can be found using casting.
--In fact, usually this fails miserably. The correct solution to this
--problem is to write the code as follows:
--
--@smallexample
--int
--is_in_class (int c, const char *class)
--@{
-- wctype_t desc = wctype (class);
-- return desc ? iswctype (btowc (c), desc) : 0;
--@}
--@end smallexample
--
--@xref{Converting a Character}, for more information on @code{btowc}.
--Note that this change probably does not improve the performance
--of the program a lot since the @code{wctype} function still has to make
--the string comparisons. It gets really interesting if the
--@code{is_in_class} function is called more than once for the
--same class name. In this case the variable @var{desc} could be computed
--once and reused for all the calls. Therefore the above form of the
--function is probably not the final one.
--
--
--@node Wide Character Case Conversion, , Using Wide Char Classes, Character Handling
--@section Mapping of wide characters.
--
--The classification functions are also generalized by the @w{ISO C}
--standard. Instead of just allowing the two standard mappings, a
--locale can contain others. Again, the @code{localedef} program
--already supports generating such locale data files.
--
--@comment wctype.h
--@comment ISO
--@deftp {Data Type} wctrans_t
--This data type is defined as a scalar type which can hold a value
--representing the locale-dependent character mapping. There is no way to
--construct such a value apart from using the return value of the
--@code{wctrans} function.
--
--@pindex wctype.h
--@noindent
--This type is defined in @file{wctype.h}.
--@end deftp
--
--@comment wctype.h
--@comment ISO
--@deftypefun wctrans_t wctrans (const char *@var{property})
--The @code{wctrans} function has to be used to find out whether a named
--mapping is defined in the current locale selected for the
--@code{LC_CTYPE} category. If the returned value is non-zero, you can use
--it afterwards in calls to @code{towctrans}. If the return value is
--zero no such mapping is known in the current locale.
--
--Beside locale-specific mappings there are two mappings which are
--guaranteed to be available in every locale:
--
--@multitable @columnfractions .5 .5
--@item
--@code{"tolower"} @tab @code{"toupper"}
--@end multitable
--
--@pindex wctype.h
--@noindent
--These functions are declared in @file{wctype.h}.
--@end deftypefun
--
--@comment wctype.h
--@comment ISO
--@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
--@code{towctrans} maps the input character @var{wc}
--according to the rules of the mapping for which @var{desc} is a
--descriptor, and returns the value it finds. @var{desc} must be
--obtained by a successful call to @code{wctrans}.
--
--@pindex wctype.h
--@noindent
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--For the generally available mappings, the @w{ISO C} standard defines
--convenient shortcuts so that it is not necessary to call @code{wctrans}
--for them.
--
--@comment wctype.h
--@comment ISO
--@deftypefun wint_t towlower (wint_t @var{wc})
--If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
--lower-case letter. If @var{wc} is not an upper-case letter,
--@var{wc} is returned unchanged.
--
--@noindent
--@code{towlower} can be implemented using
--
--@smallexample
--towctrans (wc, wctrans ("tolower"))
--@end smallexample
--
--@pindex wctype.h
--@noindent
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--@comment wctype.h
--@comment ISO
--@deftypefun wint_t towupper (wint_t @var{wc})
--If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
--upper-case letter. Otherwise @var{wc} is returned unchanged.
--
--@noindent
--@code{towupper} can be implemented using
--
--@smallexample
--towctrans (wc, wctrans ("toupper"))
--@end smallexample
--
--@pindex wctype.h
--@noindent
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--The same warnings given in the last section for the use of the wide
--character classification functions apply here. It is not possible to
--simply cast a @code{char} type value to a @code{wint_t} and use it as an
--argument to @code{towctrans} calls.
+
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
commit 4b596f7cb8d6e09ce5f72cb1cb02bc0ed0b31368
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d8fff601b7c4051337384975bb7fdbd1c076b15b
commit d8fff601b7c4051337384975bb7fdbd1c076b15b
Merge: 8ebb9bc 5287c79 1ae8e2e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:48:14 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8ebb9bc501031359a6f474e70546a975d8e89269
commit 8ebb9bc501031359a6f474e70546a975d8e89269
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:48:14 2013 -0300
refresh
diff --git a/meta b/meta
index 150ab75..72174f4 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b6864e5d068d813c95f42cc42a4af998364b9e2d
-Head: 1c7a149c0726600eabeb718bf88b5d82031f6857
+Previous: 5287c793843e946fd2f478b0a2785249cc640f9c
+Head: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -9,8 +9,7 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- thread-safety-documentation: fbb71ce3cced40f87c25964011852d114f327c36
- refresh-temp: 1c7a149c0726600eabeb718bf88b5d82031f6857
+ thread-safety-documentation: 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
Unapplied:
manual-document-mt-safety-ctype.patch: b1da9d49b81e23d658de4369181599c33e3acd9e
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 702824c..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,332 +0,0 @@
-Bottom: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
-Top: a80e3502e79676408b83a0ee8d2c01161f2e1895
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 21:48:14 -0300
-
-Refresh of thread-safety-documentation
-
----
-
-diff --git a/manual/ctype.texi b/manual/ctype.texi
-index f05d509..ddf38ce 100644
---- a/manual/ctype.texi
-+++ b/manual/ctype.texi
-@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
- @comment ctype.h
- @comment ISO
- @deftypefun int islower (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c The is* macros call __ctype_b_loc to get the ctype array from the
-+@c current locale, and then index it by c. __ctype_b_loc reads from
-+@c thread-local memory the (indirect) pointer to the ctype array, which
-+@c may involve one word access to the global locale object, if that's
-+@c the active locale for the thread, and the array, being part of the
-+@c locale data, is undeletable, so there's no thread-safety issue.
- Returns true if @var{c} is a lower-case letter. The letter need not be
- from the Latin alphabet, any alphabet representable is valid.
- @end deftypefun
-@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
- @comment ctype.h
- @comment ISO
- @deftypefun int isupper (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is an upper-case letter. The letter need not be
- from the Latin alphabet, any alphabet representable is valid.
- @end deftypefun
-@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
- @comment ctype.h
- @comment ISO
- @deftypefun int isalpha (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is an alphabetic character (a letter). If
- @code{islower} or @code{isupper} is true of a character, then
- @code{isalpha} is also true.
-@@ -97,6 +106,7 @@ additional characters.
- @comment ctype.h
- @comment ISO
- @deftypefun int isdigit (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
- @end deftypefun
-
-@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
- @comment ctype.h
- @comment ISO
- @deftypefun int isalnum (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is an alphanumeric character (a letter or
- number); in other words, if either @code{isalpha} or @code{isdigit} is
- true of a character, then @code{isalnum} is also true.
-@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
- @comment ctype.h
- @comment ISO
- @deftypefun int isxdigit (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a hexadecimal digit.
- Hexadecimal digits include the normal decimal digits @samp{0} through
- @samp{9} and the letters @samp{A} through @samp{F} and
-@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
- @comment ctype.h
- @comment ISO
- @deftypefun int ispunct (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a punctuation character.
- This means any printing character that is not alphanumeric or a space
- character.
-@@ -132,6 +145,7 @@ character.
- @comment ctype.h
- @comment ISO
- @deftypefun int isspace (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a @dfn{whitespace} character. In the standard
- @code{"C"} locale, @code{isspace} returns true for only the standard
- whitespace characters:
-@@ -161,6 +175,7 @@ vertical tab
- @comment ctype.h
- @comment ISO
- @deftypefun int isblank (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a blank character; that is, a space or a tab.
- This function was originally a GNU extension, but was added in @w{ISO C99}.
- @end deftypefun
-@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
- @comment ctype.h
- @comment ISO
- @deftypefun int isgraph (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a graphic character; that is, a character
- that has a glyph associated with it. The whitespace characters are not
- considered graphic.
-@@ -178,6 +194,7 @@ considered graphic.
- @comment ctype.h
- @comment ISO
- @deftypefun int isprint (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a printing character. Printing characters
- include all the graphic characters, plus the space (@samp{ }) character.
- @end deftypefun
-@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
- @comment ctype.h
- @comment ISO
- @deftypefun int iscntrl (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a control character (that is, a character that
- is not a printing character).
- @end deftypefun
-@@ -194,6 +212,7 @@ is not a printing character).
- @comment ctype.h
- @comment SVID, BSD
- @deftypefun int isascii (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
- into the US/UK ASCII character set. This function is a BSD extension
- and is also an SVID extension.
-@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
- @comment ctype.h
- @comment ISO
- @deftypefun int tolower (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c The to* macros/functions call different functions that use different
-+@c arrays than those of__ctype_b_loc, but the access patterns and
-+@c thus safety guarantees are the same.
- If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
- lower-case letter. If @var{c} is not an upper-case letter,
- @var{c} is returned unchanged.
-@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
- @comment ctype.h
- @comment ISO
- @deftypefun int toupper (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
- upper-case letter. Otherwise @var{c} is returned unchanged.
- @end deftypefun
-@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
- @comment ctype.h
- @comment SVID, BSD
- @deftypefun int toascii (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This function converts @var{c} to a 7-bit @code{unsigned char} value
- that fits into the US/UK ASCII character set, by clearing the high-order
- bits. This function is a BSD extension and is also an SVID extension.
-@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
- @comment ctype.h
- @comment SVID
- @deftypefun int _tolower (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is identical to @code{tolower}, and is provided for compatibility
- with the SVID. @xref{SVID}.@refill
- @end deftypefun
-@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
- @comment ctype.h
- @comment SVID
- @deftypefun int _toupper (int @var{c})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
- This is identical to @code{toupper}, and is provided for compatibility
- with the SVID.
- @end deftypefun
-@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wctype_t wctype (const char *@var{property})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
-+@c Although the source code of wctype contains multiple references to
-+@c the locale, that could each reference different locale_data objects
-+@c should the global locale object change while active, the compiler can
-+@c and does combine them all into a single dereference that resolves
-+@c once to the LCTYPE locale object used throughout the function, so it
-+@c is safe in practice, if not in theory. Ideally we'd explicitly save
-+@c the resolved locale_data object to make it visibly safe instead of
-+@c safe only under compiler optimizations.
- The @code{wctype} returns a value representing a class of wide
- characters which is identified by the string @var{property}. Beside
- some standard properties each locale can define its own ones. In case
-@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c The compressed lookup table returned by wctype is read-only.
- This function returns a nonzero value if @var{wc} is in the character
- class specified by @var{desc}. @var{desc} must previously be returned
- by a successful call to @code{wctype}.
-@@ -350,6 +388,15 @@ standard classes.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswalnum (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
-+@c The implicit wctype call in the isw* functions is actually an
-+@c optimized version because the category has a known offset, but the
-+@c wctype is equally safe when optimized, unsafe if not optimized.
-+@c Since it's not a macro, and we always optimize, it's fine. The test
-+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
-+@c bring any other safety issues: the test does not depend on the
-+@c locale, and each path after the decision resolves the locale object
-+@c only once.
- This function returns a nonzero value if @var{wc} is an alphanumeric
- character (a letter or number); in other words, if either @code{iswalpha}
- or @code{iswdigit} is true of a character, then @code{iswalnum} is also
-@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswalpha (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is an alphabetic character (a letter). If
- @code{iswlower} or @code{iswupper} is true of a character, then
- @code{iswalpha} is also true.
-@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswcntrl (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a control character (that is, a character that
- is not a printing character).
-
-@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswdigit (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
- Please note that this function does not only return a nonzero value for
- @emph{decimal} digits, but for all kinds of digits. A consequence is
-@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswgraph (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a graphic character; that is, a character
- that has a glyph associated with it. The whitespace characters are not
- considered graphic.
-@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
- @comment ctype.h
- @comment ISO
- @deftypefun int iswlower (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a lower-case letter. The letter need not be
- from the Latin alphabet, any alphabet representable is valid.
-
-@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswprint (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a printing character. Printing characters
- include all the graphic characters, plus the space (@samp{ }) character.
-
-@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswpunct (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a punctuation character.
- This means any printing character that is not alphanumeric or a space
- character.
-@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswspace (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
- @code{"C"} locale, @code{iswspace} returns true for only the standard
- whitespace characters:
-@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswupper (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is an upper-case letter. The letter need not be
- from the Latin alphabet, any alphabet representable is valid.
-
-@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswxdigit (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a hexadecimal digit.
- Hexadecimal digits include the normal decimal digits @samp{0} through
- @samp{9} and the letters @samp{A} through @samp{F} and
-@@ -597,6 +654,7 @@ characters as well.
- @comment wctype.h
- @comment ISO
- @deftypefun int iswblank (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- Returns true if @var{wc} is a blank character; that is, a space or a tab.
- This function was originally a GNU extension, but was added in @w{ISO C99}.
- It is declared in @file{wchar.h}.
-@@ -691,7 +749,8 @@ This type is defined in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wctrans_t wctrans (const char *@var{property})
--@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
-+@c Similar implementation, same caveats as wctype.
- The @code{wctrans} function has to be used to find out whether a named
- mapping is defined in the current locale selected for the
- @code{LC_CTYPE} category. If the returned value is non-zero, you can use
-@@ -714,7 +773,8 @@ These functions are declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
--@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
-+@safety{@mtsafe{}@assafe{}@acsafe{}}
-+@c Same caveats as iswctype.
- @code{towctrans} maps the input character @var{wc}
- according to the rules of the mapping for which @var{desc} is a
- descriptor, and returns the value it finds. @var{desc} must be
-@@ -732,6 +792,9 @@ for them.
- @comment wctype.h
- @comment ISO
- @deftypefun wint_t towlower (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
-+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
-+@c table.
- If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
- lower-case letter. If @var{wc} is not an upper-case letter,
- @var{wc} is returned unchanged.
-@@ -751,6 +814,7 @@ This function is declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wint_t towupper (wint_t @var{wc})
-+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
- If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
- upper-case letter. Otherwise @var{wc} is returned unchanged.
diff --git a/patches/thread-safety-documentation b/patches/thread-safety-documentation
index 9799a98..a9588e2 100644
--- a/patches/thread-safety-documentation
+++ b/patches/thread-safety-documentation
@@ -1,5 +1,5 @@
Bottom: 493d959bda4db41836ea91b2b9685b47ab733575
-Top: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
+Top: a80e3502e79676408b83a0ee8d2c01161f2e1895
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
@@ -13,22 +13,323 @@ for ChangeLog
---
diff --git a/manual/ctype.texi b/manual/ctype.texi
-index 3d13571..f05d509 100644
+index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
-@@ -691,6 +691,7 @@ This type is defined in @file{wctype.h}.
+@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int islower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The is* macros call __ctype_b_loc to get the ctype array from the
++@c current locale, and then index it by c. __ctype_b_loc reads from
++@c thread-local memory the (indirect) pointer to the ctype array, which
++@c may involve one word access to the global locale object, if that's
++@c the active locale for the thread, and the array, being part of the
++@c locale data, is undeletable, so there's no thread-safety issue.
+ Returns true if @var{c} is a lower-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+ @end deftypefun
+@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an upper-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+ @end deftypefun
+@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isalpha (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an alphabetic character (a letter). If
+ @code{islower} or @code{isupper} is true of a character, then
+ @code{isalpha} is also true.
+@@ -97,6 +106,7 @@ additional characters.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isdigit (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
+ @end deftypefun
+
+@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isalnum (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an alphanumeric character (a letter or
+ number); in other words, if either @code{isalpha} or @code{isdigit} is
+ true of a character, then @code{isalnum} is also true.
+@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isxdigit (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a hexadecimal digit.
+ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @samp{9} and the letters @samp{A} through @samp{F} and
+@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int ispunct (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a punctuation character.
+ This means any printing character that is not alphanumeric or a space
+ character.
+@@ -132,6 +145,7 @@ character.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isspace (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a @dfn{whitespace} character. In the standard
+ @code{"C"} locale, @code{isspace} returns true for only the standard
+ whitespace characters:
+@@ -161,6 +175,7 @@ vertical tab
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isblank (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a blank character; that is, a space or a tab.
+ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ @end deftypefun
+@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isgraph (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a graphic character; that is, a character
+ that has a glyph associated with it. The whitespace characters are not
+ considered graphic.
+@@ -178,6 +194,7 @@ considered graphic.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isprint (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a printing character. Printing characters
+ include all the graphic characters, plus the space (@samp{ }) character.
+ @end deftypefun
+@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int iscntrl (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a control character (that is, a character that
+ is not a printing character).
+ @end deftypefun
+@@ -194,6 +212,7 @@ is not a printing character).
+ @comment ctype.h
+ @comment SVID, BSD
+ @deftypefun int isascii (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
+ into the US/UK ASCII character set. This function is a BSD extension
+ and is also an SVID extension.
+@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int tolower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The to* macros/functions call different functions that use different
++@c arrays than those of__ctype_b_loc, but the access patterns and
++@c thus safety guarantees are the same.
+ If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
+ lower-case letter. If @var{c} is not an upper-case letter,
+ @var{c} is returned unchanged.
+@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int toupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
+ upper-case letter. Otherwise @var{c} is returned unchanged.
+ @end deftypefun
+@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
+ @comment ctype.h
+ @comment SVID, BSD
+ @deftypefun int toascii (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function converts @var{c} to a 7-bit @code{unsigned char} value
+ that fits into the US/UK ASCII character set, by clearing the high-order
+ bits. This function is a BSD extension and is also an SVID extension.
+@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
+ @comment ctype.h
+ @comment SVID
+ @deftypefun int _tolower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is identical to @code{tolower}, and is provided for compatibility
+ with the SVID. @xref{SVID}.@refill
+ @end deftypefun
+@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
+ @comment ctype.h
+ @comment SVID
+ @deftypefun int _toupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is identical to @code{toupper}, and is provided for compatibility
+ with the SVID.
+ @end deftypefun
+@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wctype_t wctype (const char *@var{property})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Although the source code of wctype contains multiple references to
++@c the locale, that could each reference different locale_data objects
++@c should the global locale object change while active, the compiler can
++@c and does combine them all into a single dereference that resolves
++@c once to the LCTYPE locale object used throughout the function, so it
++@c is safe in practice, if not in theory. Ideally we'd explicitly save
++@c the resolved locale_data object to make it visibly safe instead of
++@c safe only under compiler optimizations.
+ The @code{wctype} returns a value representing a class of wide
+ characters which is identified by the string @var{property}. Beside
+ some standard properties each locale can define its own ones. In case
+@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The compressed lookup table returned by wctype is read-only.
+ This function returns a nonzero value if @var{wc} is in the character
+ class specified by @var{desc}. @var{desc} must previously be returned
+ by a successful call to @code{wctype}.
+@@ -350,6 +388,15 @@ standard classes.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswalnum (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c The implicit wctype call in the isw* functions is actually an
++@c optimized version because the category has a known offset, but the
++@c wctype is equally safe when optimized, unsafe if not optimized.
++@c Since it's not a macro, and we always optimize, it's fine. The test
++@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
++@c bring any other safety issues: the test does not depend on the
++@c locale, and each path after the decision resolves the locale object
++@c only once.
+ This function returns a nonzero value if @var{wc} is an alphanumeric
+ character (a letter or number); in other words, if either @code{iswalpha}
+ or @code{iswdigit} is true of a character, then @code{iswalnum} is also
+@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswalpha (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is an alphabetic character (a letter). If
+ @code{iswlower} or @code{iswupper} is true of a character, then
+ @code{iswalpha} is also true.
+@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswcntrl (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a control character (that is, a character that
+ is not a printing character).
+
+@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswdigit (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
+ Please note that this function does not only return a nonzero value for
+ @emph{decimal} digits, but for all kinds of digits. A consequence is
+@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswgraph (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a graphic character; that is, a character
+ that has a glyph associated with it. The whitespace characters are not
+ considered graphic.
+@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int iswlower (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a lower-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+
+@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswprint (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a printing character. Printing characters
+ include all the graphic characters, plus the space (@samp{ }) character.
+
+@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswpunct (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a punctuation character.
+ This means any printing character that is not alphanumeric or a space
+ character.
+@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswspace (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
+ @code{"C"} locale, @code{iswspace} returns true for only the standard
+ whitespace characters:
+@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswupper (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is an upper-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+
+@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswxdigit (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a hexadecimal digit.
+ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @samp{9} and the letters @samp{A} through @samp{F} and
+@@ -597,6 +654,7 @@ characters as well.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswblank (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a blank character; that is, a space or a tab.
+ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ It is declared in @file{wchar.h}.
+@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
-+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
-@@ -713,6 +714,7 @@ These functions are declared in @file{wctype.h}.
+@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
-+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
+@@ -730,6 +792,9 @@ for them.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towlower (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Same caveats as iswalnum, just using a wctrans rather than a wctype
++@c table.
+ If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
+ lower-case letter. If @var{wc} is not an upper-case letter,
+ @var{wc} is returned unchanged.
+@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towupper (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
+ upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5287c793843e946fd2f478b0a2785249cc640f9c
commit 5287c793843e946fd2f478b0a2785249cc640f9c
Merge: a0855bc 1c7a149 b6864e5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:48:14 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a0855bc90966b5b2e0e30eefe708975da5b5964f
commit a0855bc90966b5b2e0e30eefe708975da5b5964f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:48:14 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 5317d84..150ab75 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: cb8445821d012f4b3b302f57c1a0b7aad83ad3ae
-Head: fbb71ce3cced40f87c25964011852d114f327c36
+Previous: b6864e5d068d813c95f42cc42a4af998364b9e2d
+Head: 1c7a149c0726600eabeb718bf88b5d82031f6857
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,7 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
thread-safety-documentation: fbb71ce3cced40f87c25964011852d114f327c36
+ refresh-temp: 1c7a149c0726600eabeb718bf88b5d82031f6857
Unapplied:
manual-document-mt-safety-ctype.patch: b1da9d49b81e23d658de4369181599c33e3acd9e
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..702824c
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,332 @@
+Bottom: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
+Top: a80e3502e79676408b83a0ee8d2c01161f2e1895
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 21:48:14 -0300
+
+Refresh of thread-safety-documentation
+
+---
+
+diff --git a/manual/ctype.texi b/manual/ctype.texi
+index f05d509..ddf38ce 100644
+--- a/manual/ctype.texi
++++ b/manual/ctype.texi
+@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int islower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The is* macros call __ctype_b_loc to get the ctype array from the
++@c current locale, and then index it by c. __ctype_b_loc reads from
++@c thread-local memory the (indirect) pointer to the ctype array, which
++@c may involve one word access to the global locale object, if that's
++@c the active locale for the thread, and the array, being part of the
++@c locale data, is undeletable, so there's no thread-safety issue.
+ Returns true if @var{c} is a lower-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+ @end deftypefun
+@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an upper-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+ @end deftypefun
+@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isalpha (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an alphabetic character (a letter). If
+ @code{islower} or @code{isupper} is true of a character, then
+ @code{isalpha} is also true.
+@@ -97,6 +106,7 @@ additional characters.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isdigit (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
+ @end deftypefun
+
+@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isalnum (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an alphanumeric character (a letter or
+ number); in other words, if either @code{isalpha} or @code{isdigit} is
+ true of a character, then @code{isalnum} is also true.
+@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isxdigit (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a hexadecimal digit.
+ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @samp{9} and the letters @samp{A} through @samp{F} and
+@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int ispunct (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a punctuation character.
+ This means any printing character that is not alphanumeric or a space
+ character.
+@@ -132,6 +145,7 @@ character.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isspace (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a @dfn{whitespace} character. In the standard
+ @code{"C"} locale, @code{isspace} returns true for only the standard
+ whitespace characters:
+@@ -161,6 +175,7 @@ vertical tab
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isblank (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a blank character; that is, a space or a tab.
+ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ @end deftypefun
+@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isgraph (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a graphic character; that is, a character
+ that has a glyph associated with it. The whitespace characters are not
+ considered graphic.
+@@ -178,6 +194,7 @@ considered graphic.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isprint (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a printing character. Printing characters
+ include all the graphic characters, plus the space (@samp{ }) character.
+ @end deftypefun
+@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int iscntrl (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a control character (that is, a character that
+ is not a printing character).
+ @end deftypefun
+@@ -194,6 +212,7 @@ is not a printing character).
+ @comment ctype.h
+ @comment SVID, BSD
+ @deftypefun int isascii (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
+ into the US/UK ASCII character set. This function is a BSD extension
+ and is also an SVID extension.
+@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int tolower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The to* macros/functions call different functions that use different
++@c arrays than those of__ctype_b_loc, but the access patterns and
++@c thus safety guarantees are the same.
+ If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
+ lower-case letter. If @var{c} is not an upper-case letter,
+ @var{c} is returned unchanged.
+@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int toupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
+ upper-case letter. Otherwise @var{c} is returned unchanged.
+ @end deftypefun
+@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
+ @comment ctype.h
+ @comment SVID, BSD
+ @deftypefun int toascii (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function converts @var{c} to a 7-bit @code{unsigned char} value
+ that fits into the US/UK ASCII character set, by clearing the high-order
+ bits. This function is a BSD extension and is also an SVID extension.
+@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
+ @comment ctype.h
+ @comment SVID
+ @deftypefun int _tolower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is identical to @code{tolower}, and is provided for compatibility
+ with the SVID. @xref{SVID}.@refill
+ @end deftypefun
+@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
+ @comment ctype.h
+ @comment SVID
+ @deftypefun int _toupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is identical to @code{toupper}, and is provided for compatibility
+ with the SVID.
+ @end deftypefun
+@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wctype_t wctype (const char *@var{property})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Although the source code of wctype contains multiple references to
++@c the locale, that could each reference different locale_data objects
++@c should the global locale object change while active, the compiler can
++@c and does combine them all into a single dereference that resolves
++@c once to the LCTYPE locale object used throughout the function, so it
++@c is safe in practice, if not in theory. Ideally we'd explicitly save
++@c the resolved locale_data object to make it visibly safe instead of
++@c safe only under compiler optimizations.
+ The @code{wctype} returns a value representing a class of wide
+ characters which is identified by the string @var{property}. Beside
+ some standard properties each locale can define its own ones. In case
+@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The compressed lookup table returned by wctype is read-only.
+ This function returns a nonzero value if @var{wc} is in the character
+ class specified by @var{desc}. @var{desc} must previously be returned
+ by a successful call to @code{wctype}.
+@@ -350,6 +388,15 @@ standard classes.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswalnum (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c The implicit wctype call in the isw* functions is actually an
++@c optimized version because the category has a known offset, but the
++@c wctype is equally safe when optimized, unsafe if not optimized.
++@c Since it's not a macro, and we always optimize, it's fine. The test
++@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
++@c bring any other safety issues: the test does not depend on the
++@c locale, and each path after the decision resolves the locale object
++@c only once.
+ This function returns a nonzero value if @var{wc} is an alphanumeric
+ character (a letter or number); in other words, if either @code{iswalpha}
+ or @code{iswdigit} is true of a character, then @code{iswalnum} is also
+@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswalpha (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is an alphabetic character (a letter). If
+ @code{iswlower} or @code{iswupper} is true of a character, then
+ @code{iswalpha} is also true.
+@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswcntrl (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a control character (that is, a character that
+ is not a printing character).
+
+@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswdigit (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
+ Please note that this function does not only return a nonzero value for
+ @emph{decimal} digits, but for all kinds of digits. A consequence is
+@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswgraph (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a graphic character; that is, a character
+ that has a glyph associated with it. The whitespace characters are not
+ considered graphic.
+@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int iswlower (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a lower-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+
+@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswprint (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a printing character. Printing characters
+ include all the graphic characters, plus the space (@samp{ }) character.
+
+@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswpunct (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a punctuation character.
+ This means any printing character that is not alphanumeric or a space
+ character.
+@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswspace (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
+ @code{"C"} locale, @code{iswspace} returns true for only the standard
+ whitespace characters:
+@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswupper (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is an upper-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+
+@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswxdigit (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a hexadecimal digit.
+ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @samp{9} and the letters @samp{A} through @samp{F} and
+@@ -597,6 +654,7 @@ characters as well.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswblank (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a blank character; that is, a space or a tab.
+ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ It is declared in @file{wchar.h}.
+@@ -691,7 +749,8 @@ This type is defined in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wctrans_t wctrans (const char *@var{property})
+-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Similar implementation, same caveats as wctype.
+ The @code{wctrans} function has to be used to find out whether a named
+ mapping is defined in the current locale selected for the
+ @code{LC_CTYPE} category. If the returned value is non-zero, you can use
+@@ -714,7 +773,8 @@ These functions are declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Same caveats as iswctype.
+ @code{towctrans} maps the input character @var{wc}
+ according to the rules of the mapping for which @var{desc} is a
+ descriptor, and returns the value it finds. @var{desc} must be
+@@ -732,6 +792,9 @@ for them.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towlower (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Same caveats as iswalnum, just using a wctrans rather than a wctype
++@c table.
+ If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
+ lower-case letter. If @var{wc} is not an upper-case letter,
+ @var{wc} is returned unchanged.
+@@ -751,6 +814,7 @@ This function is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towupper (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
+ upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1c7a149c0726600eabeb718bf88b5d82031f6857
commit 1c7a149c0726600eabeb718bf88b5d82031f6857
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:48:14 2013 -0300
Refresh of thread-safety-documentation
diff --git a/manual/ctype.texi b/manual/ctype.texi
index f05d509..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,7 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -714,7 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -732,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -751,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b6864e5d068d813c95f42cc42a4af998364b9e2d
commit b6864e5d068d813c95f42cc42a4af998364b9e2d
Merge: 4c198fe cb84458 fbb71ce
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:47:39 2013 -0300
repair
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4c198fe0826a24451ec717df1163b915944f5f3f
commit 4c198fe0826a24451ec717df1163b915944f5f3f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:47:39 2013 -0300
repair
diff --git a/meta b/meta
index cd8af55..5317d84 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 798b190d23f3f3a4ad79d3ad58033f247cfce24a
+Previous: cb8445821d012f4b3b302f57c1a0b7aad83ad3ae
Head: fbb71ce3cced40f87c25964011852d114f327c36
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
@@ -9,7 +9,8 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- manual-document-mt-safety-ctype.patch: b1da9d49b81e23d658de4369181599c33e3acd9e
+ thread-safety-documentation: fbb71ce3cced40f87c25964011852d114f327c36
Unapplied:
+ manual-document-mt-safety-ctype.patch: b1da9d49b81e23d658de4369181599c33e3acd9e
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/thread-safety-documentation b/patches/thread-safety-documentation
new file mode 100644
index 0000000..9799a98
--- /dev/null
+++ b/patches/thread-safety-documentation
@@ -0,0 +1,34 @@
+Bottom: 493d959bda4db41836ea91b2b9685b47ab733575
+Top: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 15:29:41 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/ctype.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/ctype.texi b/manual/ctype.texi
+index 3d13571..f05d509 100644
+--- a/manual/ctype.texi
++++ b/manual/ctype.texi
+@@ -691,6 +691,7 @@ This type is defined in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wctrans_t wctrans (const char *@var{property})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wctrans} function has to be used to find out whether a named
+ mapping is defined in the current locale selected for the
+ @code{LC_CTYPE} category. If the returned value is non-zero, you can use
+@@ -713,6 +714,7 @@ These functions are declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ @code{towctrans} maps the input character @var{wc}
+ according to the rules of the mapping for which @var{desc} is a
+ descriptor, and returns the value it finds. @var{desc} must be
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cb8445821d012f4b3b302f57c1a0b7aad83ad3ae
commit cb8445821d012f4b3b302f57c1a0b7aad83ad3ae
Merge: 0b60f0a 798b190 fbb71ce
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:46:56 2013 -0300
external modifications
Modifications by tools other than StGit (e.g. git).
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0b60f0aafece87396a646631192339d54c5324fc
commit 0b60f0aafece87396a646631192339d54c5324fc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:46:56 2013 -0300
external modifications
Modifications by tools other than StGit (e.g. git).
diff --git a/meta b/meta
index 4ba806b..cd8af55 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 92ecb9cc92814d23ccb743dab61d49f352050d65
-Head: b1da9d49b81e23d658de4369181599c33e3acd9e
+Previous: 798b190d23f3f3a4ad79d3ad58033f247cfce24a
+Head: fbb71ce3cced40f87c25964011852d114f327c36
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=798b190d23f3f3a4ad79d3ad58033f247cfce24a
commit 798b190d23f3f3a4ad79d3ad58033f247cfce24a
Merge: ac15c3c b1da9d4 92ecb9c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:43:22 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ac15c3c240153a4eb66bde41aba4cbb7bdd9d560
commit ac15c3c240153a4eb66bde41aba4cbb7bdd9d560
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:43:22 2013 -0300
refresh
diff --git a/meta b/meta
index d6de884..4ba806b 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: fa0e164579ef7d32d41b16568c2074df2d84ea0d
-Head: db2ee3a6f7f5658cf70172ca995df47e3b27c3a0
+Previous: 92ecb9cc92814d23ccb743dab61d49f352050d65
+Head: b1da9d49b81e23d658de4369181599c33e3acd9e
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -9,8 +9,7 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- manual-document-mt-safety-ctype.patch: fbb71ce3cced40f87c25964011852d114f327c36
- refresh-temp: db2ee3a6f7f5658cf70172ca995df47e3b27c3a0
+ manual-document-mt-safety-ctype.patch: b1da9d49b81e23d658de4369181599c33e3acd9e
Unapplied:
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/manual-document-mt-safety-ctype.patch b/patches/manual-document-mt-safety-ctype.patch
index 9799a98..40dba95 100644
--- a/patches/manual-document-mt-safety-ctype.patch
+++ b/patches/manual-document-mt-safety-ctype.patch
@@ -1,5 +1,5 @@
Bottom: 493d959bda4db41836ea91b2b9685b47ab733575
-Top: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
+Top: eb7c2702254befc63994aae3ba24a286ee829464
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-08-13 15:29:41 -0300
@@ -13,22 +13,778 @@ for ChangeLog
---
diff --git a/manual/ctype.texi b/manual/ctype.texi
-index 3d13571..f05d509 100644
+deleted file mode 100644
+index 3d13571..0000000
--- a/manual/ctype.texi
-+++ b/manual/ctype.texi
-@@ -691,6 +691,7 @@ This type is defined in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wctrans_t wctrans (const char *@var{property})
-+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
- The @code{wctrans} function has to be used to find out whether a named
- mapping is defined in the current locale selected for the
- @code{LC_CTYPE} category. If the returned value is non-zero, you can use
-@@ -713,6 +714,7 @@ These functions are declared in @file{wctype.h}.
- @comment wctype.h
- @comment ISO
- @deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
-+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
- @code{towctrans} maps the input character @var{wc}
- according to the rules of the mapping for which @var{desc} is a
- descriptor, and returns the value it finds. @var{desc} must be
++++ /dev/null
+@@ -1,770 +0,0 @@
+-@node Character Handling, String and Array Utilities, Memory, Top
+-@c %MENU% Character testing and conversion functions
+-@chapter Character Handling
+-
+-Programs that work with characters and strings often need to classify a
+-character---is it alphabetic, is it a digit, is it whitespace, and so
+-on---and perform case conversion operations on characters. The
+-functions in the header file @file{ctype.h} are provided for this
+-purpose.
+-@pindex ctype.h
+-
+-Since the choice of locale and character set can alter the
+-classifications of particular character codes, all of these functions
+-are affected by the current locale. (More precisely, they are affected
+-by the locale currently selected for character classification---the
+-@code{LC_CTYPE} category; see @ref{Locale Categories}.)
+-
+-The @w{ISO C} standard specifies two different sets of functions. The
+-one set works on @code{char} type characters, the other one on
+-@code{wchar_t} wide characters (@pxref{Extended Char Intro}).
+-
+-@menu
+-* Classification of Characters:: Testing whether characters are
+- letters, digits, punctuation, etc.
+-
+-* Case Conversion:: Case mapping, and the like.
+-* Classification of Wide Characters:: Character class determination for
+- wide characters.
+-* Using Wide Char Classes:: Notes on using the wide character
+- classes.
+-* Wide Character Case Conversion:: Mapping of wide characters.
+-@end menu
+-
+-@node Classification of Characters, Case Conversion, , Character Handling
+-@section Classification of Characters
+-@cindex character testing
+-@cindex classification of characters
+-@cindex predicates on characters
+-@cindex character predicates
+-
+-This section explains the library functions for classifying characters.
+-For example, @code{isalpha} is the function to test for an alphabetic
+-character. It takes one argument, the character to test, and returns a
+-nonzero integer if the character is alphabetic, and zero otherwise. You
+-would use it like this:
+-
+-@smallexample
+-if (isalpha (c))
+- printf ("The character `%c' is alphabetic.\n", c);
+-@end smallexample
+-
+-Each of the functions in this section tests for membership in a
+-particular class of characters; each has a name starting with @samp{is}.
+-Each of them takes one argument, which is a character to test, and
+-returns an @code{int} which is treated as a boolean value. The
+-character argument is passed as an @code{int}, and it may be the
+-constant value @code{EOF} instead of a real character.
+-
+-The attributes of any given character can vary between locales.
+-@xref{Locales}, for more information on locales.@refill
+-
+-These functions are declared in the header file @file{ctype.h}.
+-@pindex ctype.h
+-
+-@cindex lower-case character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int islower (int @var{c})
+-Returns true if @var{c} is a lower-case letter. The letter need not be
+-from the Latin alphabet, any alphabet representable is valid.
+-@end deftypefun
+-
+-@cindex upper-case character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isupper (int @var{c})
+-Returns true if @var{c} is an upper-case letter. The letter need not be
+-from the Latin alphabet, any alphabet representable is valid.
+-@end deftypefun
+-
+-@cindex alphabetic character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isalpha (int @var{c})
+-Returns true if @var{c} is an alphabetic character (a letter). If
+-@code{islower} or @code{isupper} is true of a character, then
+-@code{isalpha} is also true.
+-
+-In some locales, there may be additional characters for which
+-@code{isalpha} is true---letters which are neither upper case nor lower
+-case. But in the standard @code{"C"} locale, there are no such
+-additional characters.
+-@end deftypefun
+-
+-@cindex digit character
+-@cindex decimal digit character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isdigit (int @var{c})
+-Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
+-@end deftypefun
+-
+-@cindex alphanumeric character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isalnum (int @var{c})
+-Returns true if @var{c} is an alphanumeric character (a letter or
+-number); in other words, if either @code{isalpha} or @code{isdigit} is
+-true of a character, then @code{isalnum} is also true.
+-@end deftypefun
+-
+-@cindex hexadecimal digit character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isxdigit (int @var{c})
+-Returns true if @var{c} is a hexadecimal digit.
+-Hexadecimal digits include the normal decimal digits @samp{0} through
+-@samp{9} and the letters @samp{A} through @samp{F} and
+-@samp{a} through @samp{f}.
+-@end deftypefun
+-
+-@cindex punctuation character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int ispunct (int @var{c})
+-Returns true if @var{c} is a punctuation character.
+-This means any printing character that is not alphanumeric or a space
+-character.
+-@end deftypefun
+-
+-@cindex whitespace character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isspace (int @var{c})
+-Returns true if @var{c} is a @dfn{whitespace} character. In the standard
+-@code{"C"} locale, @code{isspace} returns true for only the standard
+-whitespace characters:
+-
+-@table @code
+-@item ' '
+-space
+-
+-@item '\f'
+-formfeed
+-
+-@item '\n'
+-newline
+-
+-@item '\r'
+-carriage return
+-
+-@item '\t'
+-horizontal tab
+-
+-@item '\v'
+-vertical tab
+-@end table
+-@end deftypefun
+-
+-@cindex blank character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isblank (int @var{c})
+-Returns true if @var{c} is a blank character; that is, a space or a tab.
+-This function was originally a GNU extension, but was added in @w{ISO C99}.
+-@end deftypefun
+-
+-@cindex graphic character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isgraph (int @var{c})
+-Returns true if @var{c} is a graphic character; that is, a character
+-that has a glyph associated with it. The whitespace characters are not
+-considered graphic.
+-@end deftypefun
+-
+-@cindex printing character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isprint (int @var{c})
+-Returns true if @var{c} is a printing character. Printing characters
+-include all the graphic characters, plus the space (@samp{ }) character.
+-@end deftypefun
+-
+-@cindex control character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int iscntrl (int @var{c})
+-Returns true if @var{c} is a control character (that is, a character that
+-is not a printing character).
+-@end deftypefun
+-
+-@cindex ASCII character
+-@comment ctype.h
+-@comment SVID, BSD
+-@deftypefun int isascii (int @var{c})
+-Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
+-into the US/UK ASCII character set. This function is a BSD extension
+-and is also an SVID extension.
+-@end deftypefun
+-
+-@node Case Conversion, Classification of Wide Characters, Classification of Characters, Character Handling
+-@section Case Conversion
+-@cindex character case conversion
+-@cindex case conversion of characters
+-@cindex converting case of characters
+-
+-This section explains the library functions for performing conversions
+-such as case mappings on characters. For example, @code{toupper}
+-converts any character to upper case if possible. If the character
+-can't be converted, @code{toupper} returns it unchanged.
+-
+-These functions take one argument of type @code{int}, which is the
+-character to convert, and return the converted character as an
+-@code{int}. If the conversion is not applicable to the argument given,
+-the argument is returned unchanged.
+-
+-@strong{Compatibility Note:} In pre-@w{ISO C} dialects, instead of
+-returning the argument unchanged, these functions may fail when the
+-argument is not suitable for the conversion. Thus for portability, you
+-may need to write @code{islower(c) ? toupper(c) : c} rather than just
+-@code{toupper(c)}.
+-
+-These functions are declared in the header file @file{ctype.h}.
+-@pindex ctype.h
+-
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int tolower (int @var{c})
+-If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
+-lower-case letter. If @var{c} is not an upper-case letter,
+-@var{c} is returned unchanged.
+-@end deftypefun
+-
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int toupper (int @var{c})
+-If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
+-upper-case letter. Otherwise @var{c} is returned unchanged.
+-@end deftypefun
+-
+-@comment ctype.h
+-@comment SVID, BSD
+-@deftypefun int toascii (int @var{c})
+-This function converts @var{c} to a 7-bit @code{unsigned char} value
+-that fits into the US/UK ASCII character set, by clearing the high-order
+-bits. This function is a BSD extension and is also an SVID extension.
+-@end deftypefun
+-
+-@comment ctype.h
+-@comment SVID
+-@deftypefun int _tolower (int @var{c})
+-This is identical to @code{tolower}, and is provided for compatibility
+-with the SVID. @xref{SVID}.@refill
+-@end deftypefun
+-
+-@comment ctype.h
+-@comment SVID
+-@deftypefun int _toupper (int @var{c})
+-This is identical to @code{toupper}, and is provided for compatibility
+-with the SVID.
+-@end deftypefun
+-
+-
+-@node Classification of Wide Characters, Using Wide Char Classes, Case Conversion, Character Handling
+-@section Character class determination for wide characters
+-
+-@w{Amendment 1} to @w{ISO C90} defines functions to classify wide
+-characters. Although the original @w{ISO C90} standard already defined
+-the type @code{wchar_t}, no functions operating on them were defined.
+-
+-The general design of the classification functions for wide characters
+-is more general. It allows extensions to the set of available
+-classifications, beyond those which are always available. The POSIX
+-standard specifies how extensions can be made, and this is already
+-implemented in the @glibcadj{} implementation of the @code{localedef}
+-program.
+-
+-The character class functions are normally implemented with bitsets,
+-with a bitset per character. For a given character, the appropriate
+-bitset is read from a table and a test is performed as to whether a
+-certain bit is set. Which bit is tested for is determined by the
+-class.
+-
+-For the wide character classification functions this is made visible.
+-There is a type classification type defined, a function to retrieve this
+-value for a given class, and a function to test whether a given
+-character is in this class, using the classification value. On top of
+-this the normal character classification functions as used for
+-@code{char} objects can be defined.
+-
+-@comment wctype.h
+-@comment ISO
+-@deftp {Data type} wctype_t
+-The @code{wctype_t} can hold a value which represents a character class.
+-The only defined way to generate such a value is by using the
+-@code{wctype} function.
+-
+-@pindex wctype.h
+-This type is defined in @file{wctype.h}.
+-@end deftp
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wctype_t wctype (const char *@var{property})
+-The @code{wctype} returns a value representing a class of wide
+-characters which is identified by the string @var{property}. Beside
+-some standard properties each locale can define its own ones. In case
+-no property with the given name is known for the current locale
+-selected for the @code{LC_CTYPE} category, the function returns zero.
+-
+-@noindent
+-The properties known in every locale are:
+-
+-@multitable @columnfractions .25 .25 .25 .25
+-@item
+-@code{"alnum"} @tab @code{"alpha"} @tab @code{"cntrl"} @tab @code{"digit"}
+-@item
+-@code{"graph"} @tab @code{"lower"} @tab @code{"print"} @tab @code{"punct"}
+-@item
+-@code{"space"} @tab @code{"upper"} @tab @code{"xdigit"}
+-@end multitable
+-
+-@pindex wctype.h
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-To test the membership of a character to one of the non-standard classes
+-the @w{ISO C} standard defines a completely new function.
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+-This function returns a nonzero value if @var{wc} is in the character
+-class specified by @var{desc}. @var{desc} must previously be returned
+-by a successful call to @code{wctype}.
+-
+-@pindex wctype.h
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-To make it easier to use the commonly-used classification functions,
+-they are defined in the C library. There is no need to use
+-@code{wctype} if the property string is one of the known character
+-classes. In some situations it is desirable to construct the property
+-strings, and then it is important that @code{wctype} can also handle the
+-standard classes.
+-
+-@cindex alphanumeric character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswalnum (wint_t @var{wc})
+-This function returns a nonzero value if @var{wc} is an alphanumeric
+-character (a letter or number); in other words, if either @code{iswalpha}
+-or @code{iswdigit} is true of a character, then @code{iswalnum} is also
+-true.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("alnum"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex alphabetic character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswalpha (wint_t @var{wc})
+-Returns true if @var{wc} is an alphabetic character (a letter). If
+-@code{iswlower} or @code{iswupper} is true of a character, then
+-@code{iswalpha} is also true.
+-
+-In some locales, there may be additional characters for which
+-@code{iswalpha} is true---letters which are neither upper case nor lower
+-case. But in the standard @code{"C"} locale, there are no such
+-additional characters.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("alpha"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex control character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswcntrl (wint_t @var{wc})
+-Returns true if @var{wc} is a control character (that is, a character that
+-is not a printing character).
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("cntrl"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex digit character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswdigit (wint_t @var{wc})
+-Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
+-Please note that this function does not only return a nonzero value for
+-@emph{decimal} digits, but for all kinds of digits. A consequence is
+-that code like the following will @strong{not} work unconditionally for
+-wide characters:
+-
+-@smallexample
+-n = 0;
+-while (iswdigit (*wc))
+- @{
+- n *= 10;
+- n += *wc++ - L'0';
+- @}
+-@end smallexample
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("digit"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex graphic character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswgraph (wint_t @var{wc})
+-Returns true if @var{wc} is a graphic character; that is, a character
+-that has a glyph associated with it. The whitespace characters are not
+-considered graphic.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("graph"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex lower-case character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int iswlower (wint_t @var{wc})
+-Returns true if @var{wc} is a lower-case letter. The letter need not be
+-from the Latin alphabet, any alphabet representable is valid.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("lower"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex printing character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswprint (wint_t @var{wc})
+-Returns true if @var{wc} is a printing character. Printing characters
+-include all the graphic characters, plus the space (@samp{ }) character.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("print"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex punctuation character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswpunct (wint_t @var{wc})
+-Returns true if @var{wc} is a punctuation character.
+-This means any printing character that is not alphanumeric or a space
+-character.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("punct"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex whitespace character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswspace (wint_t @var{wc})
+-Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
+-@code{"C"} locale, @code{iswspace} returns true for only the standard
+-whitespace characters:
+-
+-@table @code
+-@item L' '
+-space
+-
+-@item L'\f'
+-formfeed
+-
+-@item L'\n'
+-newline
+-
+-@item L'\r'
+-carriage return
+-
+-@item L'\t'
+-horizontal tab
+-
+-@item L'\v'
+-vertical tab
+-@end table
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("space"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex upper-case character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswupper (wint_t @var{wc})
+-Returns true if @var{wc} is an upper-case letter. The letter need not be
+-from the Latin alphabet, any alphabet representable is valid.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("upper"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex hexadecimal digit character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswxdigit (wint_t @var{wc})
+-Returns true if @var{wc} is a hexadecimal digit.
+-Hexadecimal digits include the normal decimal digits @samp{0} through
+-@samp{9} and the letters @samp{A} through @samp{F} and
+-@samp{a} through @samp{f}.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("xdigit"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@Theglibc{} also provides a function which is not defined in the
+-@w{ISO C} standard but which is available as a version for single byte
+-characters as well.
+-
+-@cindex blank character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswblank (wint_t @var{wc})
+-Returns true if @var{wc} is a blank character; that is, a space or a tab.
+-This function was originally a GNU extension, but was added in @w{ISO C99}.
+-It is declared in @file{wchar.h}.
+-@end deftypefun
+-
+-@node Using Wide Char Classes, Wide Character Case Conversion, Classification of Wide Characters, Character Handling
+-@section Notes on using the wide character classes
+-
+-The first note is probably not astonishing but still occasionally a
+-cause of problems. The @code{isw@var{XXX}} functions can be implemented
+-using macros and in fact, @theglibc{} does this. They are still
+-available as real functions but when the @file{wctype.h} header is
+-included the macros will be used. This is the same as the
+-@code{char} type versions of these functions.
+-
+-The second note covers something new. It can be best illustrated by a
+-(real-world) example. The first piece of code is an excerpt from the
+-original code. It is truncated a bit but the intention should be clear.
+-
+-@smallexample
+-int
+-is_in_class (int c, const char *class)
+-@{
+- if (strcmp (class, "alnum") == 0)
+- return isalnum (c);
+- if (strcmp (class, "alpha") == 0)
+- return isalpha (c);
+- if (strcmp (class, "cntrl") == 0)
+- return iscntrl (c);
+- @dots{}
+- return 0;
+-@}
+-@end smallexample
+-
+-Now, with the @code{wctype} and @code{iswctype} you can avoid the
+-@code{if} cascades, but rewriting the code as follows is wrong:
+-
+-@smallexample
+-int
+-is_in_class (int c, const char *class)
+-@{
+- wctype_t desc = wctype (class);
+- return desc ? iswctype ((wint_t) c, desc) : 0;
+-@}
+-@end smallexample
+-
+-The problem is that it is not guaranteed that the wide character
+-representation of a single-byte character can be found using casting.
+-In fact, usually this fails miserably. The correct solution to this
+-problem is to write the code as follows:
+-
+-@smallexample
+-int
+-is_in_class (int c, const char *class)
+-@{
+- wctype_t desc = wctype (class);
+- return desc ? iswctype (btowc (c), desc) : 0;
+-@}
+-@end smallexample
+-
+-@xref{Converting a Character}, for more information on @code{btowc}.
+-Note that this change probably does not improve the performance
+-of the program a lot since the @code{wctype} function still has to make
+-the string comparisons. It gets really interesting if the
+-@code{is_in_class} function is called more than once for the
+-same class name. In this case the variable @var{desc} could be computed
+-once and reused for all the calls. Therefore the above form of the
+-function is probably not the final one.
+-
+-
+-@node Wide Character Case Conversion, , Using Wide Char Classes, Character Handling
+-@section Mapping of wide characters.
+-
+-The classification functions are also generalized by the @w{ISO C}
+-standard. Instead of just allowing the two standard mappings, a
+-locale can contain others. Again, the @code{localedef} program
+-already supports generating such locale data files.
+-
+-@comment wctype.h
+-@comment ISO
+-@deftp {Data Type} wctrans_t
+-This data type is defined as a scalar type which can hold a value
+-representing the locale-dependent character mapping. There is no way to
+-construct such a value apart from using the return value of the
+-@code{wctrans} function.
+-
+-@pindex wctype.h
+-@noindent
+-This type is defined in @file{wctype.h}.
+-@end deftp
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wctrans_t wctrans (const char *@var{property})
+-The @code{wctrans} function has to be used to find out whether a named
+-mapping is defined in the current locale selected for the
+-@code{LC_CTYPE} category. If the returned value is non-zero, you can use
+-it afterwards in calls to @code{towctrans}. If the return value is
+-zero no such mapping is known in the current locale.
+-
+-Beside locale-specific mappings there are two mappings which are
+-guaranteed to be available in every locale:
+-
+-@multitable @columnfractions .5 .5
+-@item
+-@code{"tolower"} @tab @code{"toupper"}
+-@end multitable
+-
+-@pindex wctype.h
+-@noindent
+-These functions are declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+-@code{towctrans} maps the input character @var{wc}
+-according to the rules of the mapping for which @var{desc} is a
+-descriptor, and returns the value it finds. @var{desc} must be
+-obtained by a successful call to @code{wctrans}.
+-
+-@pindex wctype.h
+-@noindent
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-For the generally available mappings, the @w{ISO C} standard defines
+-convenient shortcuts so that it is not necessary to call @code{wctrans}
+-for them.
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wint_t towlower (wint_t @var{wc})
+-If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
+-lower-case letter. If @var{wc} is not an upper-case letter,
+-@var{wc} is returned unchanged.
+-
+-@noindent
+-@code{towlower} can be implemented using
+-
+-@smallexample
+-towctrans (wc, wctrans ("tolower"))
+-@end smallexample
+-
+-@pindex wctype.h
+-@noindent
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wint_t towupper (wint_t @var{wc})
+-If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
+-upper-case letter. Otherwise @var{wc} is returned unchanged.
+-
+-@noindent
+-@code{towupper} can be implemented using
+-
+-@smallexample
+-towctrans (wc, wctrans ("toupper"))
+-@end smallexample
+-
+-@pindex wctype.h
+-@noindent
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-The same warnings given in the last section for the use of the wide
+-character classification functions apply here. It is not possible to
+-simply cast a @code{char} type value to a @code{wint_t} and use it as an
+-argument to @code{towctrans} calls.
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index 818f328..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,787 +0,0 @@
-Bottom: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
-Top: eb7c2702254befc63994aae3ba24a286ee829464
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-08-13 21:43:21 -0300
-
-Refresh of manual-document-mt-safety-ctype.patch
-
----
-
-diff --git a/manual/ctype.texi b/manual/ctype.texi
-deleted file mode 100644
-index f05d509..0000000
---- a/manual/ctype.texi
-+++ /dev/null
-@@ -1,772 +0,0 @@
--@node Character Handling, String and Array Utilities, Memory, Top
--@c %MENU% Character testing and conversion functions
--@chapter Character Handling
--
--Programs that work with characters and strings often need to classify a
--character---is it alphabetic, is it a digit, is it whitespace, and so
--on---and perform case conversion operations on characters. The
--functions in the header file @file{ctype.h} are provided for this
--purpose.
--@pindex ctype.h
--
--Since the choice of locale and character set can alter the
--classifications of particular character codes, all of these functions
--are affected by the current locale. (More precisely, they are affected
--by the locale currently selected for character classification---the
--@code{LC_CTYPE} category; see @ref{Locale Categories}.)
--
--The @w{ISO C} standard specifies two different sets of functions. The
--one set works on @code{char} type characters, the other one on
--@code{wchar_t} wide characters (@pxref{Extended Char Intro}).
--
--@menu
--* Classification of Characters:: Testing whether characters are
-- letters, digits, punctuation, etc.
--
--* Case Conversion:: Case mapping, and the like.
--* Classification of Wide Characters:: Character class determination for
-- wide characters.
--* Using Wide Char Classes:: Notes on using the wide character
-- classes.
--* Wide Character Case Conversion:: Mapping of wide characters.
--@end menu
--
--@node Classification of Characters, Case Conversion, , Character Handling
--@section Classification of Characters
--@cindex character testing
--@cindex classification of characters
--@cindex predicates on characters
--@cindex character predicates
--
--This section explains the library functions for classifying characters.
--For example, @code{isalpha} is the function to test for an alphabetic
--character. It takes one argument, the character to test, and returns a
--nonzero integer if the character is alphabetic, and zero otherwise. You
--would use it like this:
--
--@smallexample
--if (isalpha (c))
-- printf ("The character `%c' is alphabetic.\n", c);
--@end smallexample
--
--Each of the functions in this section tests for membership in a
--particular class of characters; each has a name starting with @samp{is}.
--Each of them takes one argument, which is a character to test, and
--returns an @code{int} which is treated as a boolean value. The
--character argument is passed as an @code{int}, and it may be the
--constant value @code{EOF} instead of a real character.
--
--The attributes of any given character can vary between locales.
--@xref{Locales}, for more information on locales.@refill
--
--These functions are declared in the header file @file{ctype.h}.
--@pindex ctype.h
--
--@cindex lower-case character
--@comment ctype.h
--@comment ISO
--@deftypefun int islower (int @var{c})
--Returns true if @var{c} is a lower-case letter. The letter need not be
--from the Latin alphabet, any alphabet representable is valid.
--@end deftypefun
--
--@cindex upper-case character
--@comment ctype.h
--@comment ISO
--@deftypefun int isupper (int @var{c})
--Returns true if @var{c} is an upper-case letter. The letter need not be
--from the Latin alphabet, any alphabet representable is valid.
--@end deftypefun
--
--@cindex alphabetic character
--@comment ctype.h
--@comment ISO
--@deftypefun int isalpha (int @var{c})
--Returns true if @var{c} is an alphabetic character (a letter). If
--@code{islower} or @code{isupper} is true of a character, then
--@code{isalpha} is also true.
--
--In some locales, there may be additional characters for which
--@code{isalpha} is true---letters which are neither upper case nor lower
--case. But in the standard @code{"C"} locale, there are no such
--additional characters.
--@end deftypefun
--
--@cindex digit character
--@cindex decimal digit character
--@comment ctype.h
--@comment ISO
--@deftypefun int isdigit (int @var{c})
--Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
--@end deftypefun
--
--@cindex alphanumeric character
--@comment ctype.h
--@comment ISO
--@deftypefun int isalnum (int @var{c})
--Returns true if @var{c} is an alphanumeric character (a letter or
--number); in other words, if either @code{isalpha} or @code{isdigit} is
--true of a character, then @code{isalnum} is also true.
--@end deftypefun
--
--@cindex hexadecimal digit character
--@comment ctype.h
--@comment ISO
--@deftypefun int isxdigit (int @var{c})
--Returns true if @var{c} is a hexadecimal digit.
--Hexadecimal digits include the normal decimal digits @samp{0} through
--@samp{9} and the letters @samp{A} through @samp{F} and
--@samp{a} through @samp{f}.
--@end deftypefun
--
--@cindex punctuation character
--@comment ctype.h
--@comment ISO
--@deftypefun int ispunct (int @var{c})
--Returns true if @var{c} is a punctuation character.
--This means any printing character that is not alphanumeric or a space
--character.
--@end deftypefun
--
--@cindex whitespace character
--@comment ctype.h
--@comment ISO
--@deftypefun int isspace (int @var{c})
--Returns true if @var{c} is a @dfn{whitespace} character. In the standard
--@code{"C"} locale, @code{isspace} returns true for only the standard
--whitespace characters:
--
--@table @code
--@item ' '
--space
--
--@item '\f'
--formfeed
--
--@item '\n'
--newline
--
--@item '\r'
--carriage return
--
--@item '\t'
--horizontal tab
--
--@item '\v'
--vertical tab
--@end table
--@end deftypefun
--
--@cindex blank character
--@comment ctype.h
--@comment ISO
--@deftypefun int isblank (int @var{c})
--Returns true if @var{c} is a blank character; that is, a space or a tab.
--This function was originally a GNU extension, but was added in @w{ISO C99}.
--@end deftypefun
--
--@cindex graphic character
--@comment ctype.h
--@comment ISO
--@deftypefun int isgraph (int @var{c})
--Returns true if @var{c} is a graphic character; that is, a character
--that has a glyph associated with it. The whitespace characters are not
--considered graphic.
--@end deftypefun
--
--@cindex printing character
--@comment ctype.h
--@comment ISO
--@deftypefun int isprint (int @var{c})
--Returns true if @var{c} is a printing character. Printing characters
--include all the graphic characters, plus the space (@samp{ }) character.
--@end deftypefun
--
--@cindex control character
--@comment ctype.h
--@comment ISO
--@deftypefun int iscntrl (int @var{c})
--Returns true if @var{c} is a control character (that is, a character that
--is not a printing character).
--@end deftypefun
--
--@cindex ASCII character
--@comment ctype.h
--@comment SVID, BSD
--@deftypefun int isascii (int @var{c})
--Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
--into the US/UK ASCII character set. This function is a BSD extension
--and is also an SVID extension.
--@end deftypefun
--
--@node Case Conversion, Classification of Wide Characters, Classification of Characters, Character Handling
--@section Case Conversion
--@cindex character case conversion
--@cindex case conversion of characters
--@cindex converting case of characters
--
--This section explains the library functions for performing conversions
--such as case mappings on characters. For example, @code{toupper}
--converts any character to upper case if possible. If the character
--can't be converted, @code{toupper} returns it unchanged.
--
--These functions take one argument of type @code{int}, which is the
--character to convert, and return the converted character as an
--@code{int}. If the conversion is not applicable to the argument given,
--the argument is returned unchanged.
--
--@strong{Compatibility Note:} In pre-@w{ISO C} dialects, instead of
--returning the argument unchanged, these functions may fail when the
--argument is not suitable for the conversion. Thus for portability, you
--may need to write @code{islower(c) ? toupper(c) : c} rather than just
--@code{toupper(c)}.
--
--These functions are declared in the header file @file{ctype.h}.
--@pindex ctype.h
--
--@comment ctype.h
--@comment ISO
--@deftypefun int tolower (int @var{c})
--If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
--lower-case letter. If @var{c} is not an upper-case letter,
--@var{c} is returned unchanged.
--@end deftypefun
--
--@comment ctype.h
--@comment ISO
--@deftypefun int toupper (int @var{c})
--If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
--upper-case letter. Otherwise @var{c} is returned unchanged.
--@end deftypefun
--
--@comment ctype.h
--@comment SVID, BSD
--@deftypefun int toascii (int @var{c})
--This function converts @var{c} to a 7-bit @code{unsigned char} value
--that fits into the US/UK ASCII character set, by clearing the high-order
--bits. This function is a BSD extension and is also an SVID extension.
--@end deftypefun
--
--@comment ctype.h
--@comment SVID
--@deftypefun int _tolower (int @var{c})
--This is identical to @code{tolower}, and is provided for compatibility
--with the SVID. @xref{SVID}.@refill
--@end deftypefun
--
--@comment ctype.h
--@comment SVID
--@deftypefun int _toupper (int @var{c})
--This is identical to @code{toupper}, and is provided for compatibility
--with the SVID.
--@end deftypefun
--
--
--@node Classification of Wide Characters, Using Wide Char Classes, Case Conversion, Character Handling
--@section Character class determination for wide characters
--
--@w{Amendment 1} to @w{ISO C90} defines functions to classify wide
--characters. Although the original @w{ISO C90} standard already defined
--the type @code{wchar_t}, no functions operating on them were defined.
--
--The general design of the classification functions for wide characters
--is more general. It allows extensions to the set of available
--classifications, beyond those which are always available. The POSIX
--standard specifies how extensions can be made, and this is already
--implemented in the @glibcadj{} implementation of the @code{localedef}
--program.
--
--The character class functions are normally implemented with bitsets,
--with a bitset per character. For a given character, the appropriate
--bitset is read from a table and a test is performed as to whether a
--certain bit is set. Which bit is tested for is determined by the
--class.
--
--For the wide character classification functions this is made visible.
--There is a type classification type defined, a function to retrieve this
--value for a given class, and a function to test whether a given
--character is in this class, using the classification value. On top of
--this the normal character classification functions as used for
--@code{char} objects can be defined.
--
--@comment wctype.h
--@comment ISO
--@deftp {Data type} wctype_t
--The @code{wctype_t} can hold a value which represents a character class.
--The only defined way to generate such a value is by using the
--@code{wctype} function.
--
--@pindex wctype.h
--This type is defined in @file{wctype.h}.
--@end deftp
--
--@comment wctype.h
--@comment ISO
--@deftypefun wctype_t wctype (const char *@var{property})
--The @code{wctype} returns a value representing a class of wide
--characters which is identified by the string @var{property}. Beside
--some standard properties each locale can define its own ones. In case
--no property with the given name is known for the current locale
--selected for the @code{LC_CTYPE} category, the function returns zero.
--
--@noindent
--The properties known in every locale are:
--
--@multitable @columnfractions .25 .25 .25 .25
--@item
--@code{"alnum"} @tab @code{"alpha"} @tab @code{"cntrl"} @tab @code{"digit"}
--@item
--@code{"graph"} @tab @code{"lower"} @tab @code{"print"} @tab @code{"punct"}
--@item
--@code{"space"} @tab @code{"upper"} @tab @code{"xdigit"}
--@end multitable
--
--@pindex wctype.h
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--To test the membership of a character to one of the non-standard classes
--the @w{ISO C} standard defines a completely new function.
--
--@comment wctype.h
--@comment ISO
--@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
--This function returns a nonzero value if @var{wc} is in the character
--class specified by @var{desc}. @var{desc} must previously be returned
--by a successful call to @code{wctype}.
--
--@pindex wctype.h
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--To make it easier to use the commonly-used classification functions,
--they are defined in the C library. There is no need to use
--@code{wctype} if the property string is one of the known character
--classes. In some situations it is desirable to construct the property
--strings, and then it is important that @code{wctype} can also handle the
--standard classes.
--
--@cindex alphanumeric character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswalnum (wint_t @var{wc})
--This function returns a nonzero value if @var{wc} is an alphanumeric
--character (a letter or number); in other words, if either @code{iswalpha}
--or @code{iswdigit} is true of a character, then @code{iswalnum} is also
--true.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("alnum"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex alphabetic character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswalpha (wint_t @var{wc})
--Returns true if @var{wc} is an alphabetic character (a letter). If
--@code{iswlower} or @code{iswupper} is true of a character, then
--@code{iswalpha} is also true.
--
--In some locales, there may be additional characters for which
--@code{iswalpha} is true---letters which are neither upper case nor lower
--case. But in the standard @code{"C"} locale, there are no such
--additional characters.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("alpha"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex control character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswcntrl (wint_t @var{wc})
--Returns true if @var{wc} is a control character (that is, a character that
--is not a printing character).
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("cntrl"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex digit character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswdigit (wint_t @var{wc})
--Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
--Please note that this function does not only return a nonzero value for
--@emph{decimal} digits, but for all kinds of digits. A consequence is
--that code like the following will @strong{not} work unconditionally for
--wide characters:
--
--@smallexample
--n = 0;
--while (iswdigit (*wc))
-- @{
-- n *= 10;
-- n += *wc++ - L'0';
-- @}
--@end smallexample
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("digit"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex graphic character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswgraph (wint_t @var{wc})
--Returns true if @var{wc} is a graphic character; that is, a character
--that has a glyph associated with it. The whitespace characters are not
--considered graphic.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("graph"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex lower-case character
--@comment ctype.h
--@comment ISO
--@deftypefun int iswlower (wint_t @var{wc})
--Returns true if @var{wc} is a lower-case letter. The letter need not be
--from the Latin alphabet, any alphabet representable is valid.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("lower"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex printing character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswprint (wint_t @var{wc})
--Returns true if @var{wc} is a printing character. Printing characters
--include all the graphic characters, plus the space (@samp{ }) character.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("print"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex punctuation character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswpunct (wint_t @var{wc})
--Returns true if @var{wc} is a punctuation character.
--This means any printing character that is not alphanumeric or a space
--character.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("punct"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex whitespace character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswspace (wint_t @var{wc})
--Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
--@code{"C"} locale, @code{iswspace} returns true for only the standard
--whitespace characters:
--
--@table @code
--@item L' '
--space
--
--@item L'\f'
--formfeed
--
--@item L'\n'
--newline
--
--@item L'\r'
--carriage return
--
--@item L'\t'
--horizontal tab
--
--@item L'\v'
--vertical tab
--@end table
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("space"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex upper-case character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswupper (wint_t @var{wc})
--Returns true if @var{wc} is an upper-case letter. The letter need not be
--from the Latin alphabet, any alphabet representable is valid.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("upper"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@cindex hexadecimal digit character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswxdigit (wint_t @var{wc})
--Returns true if @var{wc} is a hexadecimal digit.
--Hexadecimal digits include the normal decimal digits @samp{0} through
--@samp{9} and the letters @samp{A} through @samp{F} and
--@samp{a} through @samp{f}.
--
--@noindent
--This function can be implemented using
--
--@smallexample
--iswctype (wc, wctype ("xdigit"))
--@end smallexample
--
--@pindex wctype.h
--It is declared in @file{wctype.h}.
--@end deftypefun
--
--@Theglibc{} also provides a function which is not defined in the
--@w{ISO C} standard but which is available as a version for single byte
--characters as well.
--
--@cindex blank character
--@comment wctype.h
--@comment ISO
--@deftypefun int iswblank (wint_t @var{wc})
--Returns true if @var{wc} is a blank character; that is, a space or a tab.
--This function was originally a GNU extension, but was added in @w{ISO C99}.
--It is declared in @file{wchar.h}.
--@end deftypefun
--
--@node Using Wide Char Classes, Wide Character Case Conversion, Classification of Wide Characters, Character Handling
--@section Notes on using the wide character classes
--
--The first note is probably not astonishing but still occasionally a
--cause of problems. The @code{isw@var{XXX}} functions can be implemented
--using macros and in fact, @theglibc{} does this. They are still
--available as real functions but when the @file{wctype.h} header is
--included the macros will be used. This is the same as the
--@code{char} type versions of these functions.
--
--The second note covers something new. It can be best illustrated by a
--(real-world) example. The first piece of code is an excerpt from the
--original code. It is truncated a bit but the intention should be clear.
--
--@smallexample
--int
--is_in_class (int c, const char *class)
--@{
-- if (strcmp (class, "alnum") == 0)
-- return isalnum (c);
-- if (strcmp (class, "alpha") == 0)
-- return isalpha (c);
-- if (strcmp (class, "cntrl") == 0)
-- return iscntrl (c);
-- @dots{}
-- return 0;
--@}
--@end smallexample
--
--Now, with the @code{wctype} and @code{iswctype} you can avoid the
--@code{if} cascades, but rewriting the code as follows is wrong:
--
--@smallexample
--int
--is_in_class (int c, const char *class)
--@{
-- wctype_t desc = wctype (class);
-- return desc ? iswctype ((wint_t) c, desc) : 0;
--@}
--@end smallexample
--
--The problem is that it is not guaranteed that the wide character
--representation of a single-byte character can be found using casting.
--In fact, usually this fails miserably. The correct solution to this
--problem is to write the code as follows:
--
--@smallexample
--int
--is_in_class (int c, const char *class)
--@{
-- wctype_t desc = wctype (class);
-- return desc ? iswctype (btowc (c), desc) : 0;
--@}
--@end smallexample
--
--@xref{Converting a Character}, for more information on @code{btowc}.
--Note that this change probably does not improve the performance
--of the program a lot since the @code{wctype} function still has to make
--the string comparisons. It gets really interesting if the
--@code{is_in_class} function is called more than once for the
--same class name. In this case the variable @var{desc} could be computed
--once and reused for all the calls. Therefore the above form of the
--function is probably not the final one.
--
--
--@node Wide Character Case Conversion, , Using Wide Char Classes, Character Handling
--@section Mapping of wide characters.
--
--The classification functions are also generalized by the @w{ISO C}
--standard. Instead of just allowing the two standard mappings, a
--locale can contain others. Again, the @code{localedef} program
--already supports generating such locale data files.
--
--@comment wctype.h
--@comment ISO
--@deftp {Data Type} wctrans_t
--This data type is defined as a scalar type which can hold a value
--representing the locale-dependent character mapping. There is no way to
--construct such a value apart from using the return value of the
--@code{wctrans} function.
--
--@pindex wctype.h
--@noindent
--This type is defined in @file{wctype.h}.
--@end deftp
--
--@comment wctype.h
--@comment ISO
--@deftypefun wctrans_t wctrans (const char *@var{property})
--@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
--The @code{wctrans} function has to be used to find out whether a named
--mapping is defined in the current locale selected for the
--@code{LC_CTYPE} category. If the returned value is non-zero, you can use
--it afterwards in calls to @code{towctrans}. If the return value is
--zero no such mapping is known in the current locale.
--
--Beside locale-specific mappings there are two mappings which are
--guaranteed to be available in every locale:
--
--@multitable @columnfractions .5 .5
--@item
--@code{"tolower"} @tab @code{"toupper"}
--@end multitable
--
--@pindex wctype.h
--@noindent
--These functions are declared in @file{wctype.h}.
--@end deftypefun
--
--@comment wctype.h
--@comment ISO
--@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
--@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
--@code{towctrans} maps the input character @var{wc}
--according to the rules of the mapping for which @var{desc} is a
--descriptor, and returns the value it finds. @var{desc} must be
--obtained by a successful call to @code{wctrans}.
--
--@pindex wctype.h
--@noindent
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--For the generally available mappings, the @w{ISO C} standard defines
--convenient shortcuts so that it is not necessary to call @code{wctrans}
--for them.
--
--@comment wctype.h
--@comment ISO
--@deftypefun wint_t towlower (wint_t @var{wc})
--If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
--lower-case letter. If @var{wc} is not an upper-case letter,
--@var{wc} is returned unchanged.
--
--@noindent
--@code{towlower} can be implemented using
--
--@smallexample
--towctrans (wc, wctrans ("tolower"))
--@end smallexample
--
--@pindex wctype.h
--@noindent
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--@comment wctype.h
--@comment ISO
--@deftypefun wint_t towupper (wint_t @var{wc})
--If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
--upper-case letter. Otherwise @var{wc} is returned unchanged.
--
--@noindent
--@code{towupper} can be implemented using
--
--@smallexample
--towctrans (wc, wctrans ("toupper"))
--@end smallexample
--
--@pindex wctype.h
--@noindent
--This function is declared in @file{wctype.h}.
--@end deftypefun
--
--The same warnings given in the last section for the use of the wide
--character classification functions apply here. It is not possible to
--simply cast a @code{char} type value to a @code{wint_t} and use it as an
--argument to @code{towctrans} calls.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=92ecb9cc92814d23ccb743dab61d49f352050d65
commit 92ecb9cc92814d23ccb743dab61d49f352050d65
Merge: ebdffc7 db2ee3a fa0e164
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:43:21 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ebdffc717c6099f054d348d124c39414d7d6c9a8
commit ebdffc717c6099f054d348d124c39414d7d6c9a8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:43:21 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 67da860..d6de884 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: cbc4be3ddd767d1a801d3f67429eac5fff0e8967
-Head: fbb71ce3cced40f87c25964011852d114f327c36
+Previous: fa0e164579ef7d32d41b16568c2074df2d84ea0d
+Head: db2ee3a6f7f5658cf70172ca995df47e3b27c3a0
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,7 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: fbb71ce3cced40f87c25964011852d114f327c36
+ refresh-temp: db2ee3a6f7f5658cf70172ca995df47e3b27c3a0
Unapplied:
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..818f328
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,787 @@
+Bottom: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
+Top: eb7c2702254befc63994aae3ba24a286ee829464
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-08-13 21:43:21 -0300
+
+Refresh of manual-document-mt-safety-ctype.patch
+
+---
+
+diff --git a/manual/ctype.texi b/manual/ctype.texi
+deleted file mode 100644
+index f05d509..0000000
+--- a/manual/ctype.texi
++++ /dev/null
+@@ -1,772 +0,0 @@
+-@node Character Handling, String and Array Utilities, Memory, Top
+-@c %MENU% Character testing and conversion functions
+-@chapter Character Handling
+-
+-Programs that work with characters and strings often need to classify a
+-character---is it alphabetic, is it a digit, is it whitespace, and so
+-on---and perform case conversion operations on characters. The
+-functions in the header file @file{ctype.h} are provided for this
+-purpose.
+-@pindex ctype.h
+-
+-Since the choice of locale and character set can alter the
+-classifications of particular character codes, all of these functions
+-are affected by the current locale. (More precisely, they are affected
+-by the locale currently selected for character classification---the
+-@code{LC_CTYPE} category; see @ref{Locale Categories}.)
+-
+-The @w{ISO C} standard specifies two different sets of functions. The
+-one set works on @code{char} type characters, the other one on
+-@code{wchar_t} wide characters (@pxref{Extended Char Intro}).
+-
+-@menu
+-* Classification of Characters:: Testing whether characters are
+- letters, digits, punctuation, etc.
+-
+-* Case Conversion:: Case mapping, and the like.
+-* Classification of Wide Characters:: Character class determination for
+- wide characters.
+-* Using Wide Char Classes:: Notes on using the wide character
+- classes.
+-* Wide Character Case Conversion:: Mapping of wide characters.
+-@end menu
+-
+-@node Classification of Characters, Case Conversion, , Character Handling
+-@section Classification of Characters
+-@cindex character testing
+-@cindex classification of characters
+-@cindex predicates on characters
+-@cindex character predicates
+-
+-This section explains the library functions for classifying characters.
+-For example, @code{isalpha} is the function to test for an alphabetic
+-character. It takes one argument, the character to test, and returns a
+-nonzero integer if the character is alphabetic, and zero otherwise. You
+-would use it like this:
+-
+-@smallexample
+-if (isalpha (c))
+- printf ("The character `%c' is alphabetic.\n", c);
+-@end smallexample
+-
+-Each of the functions in this section tests for membership in a
+-particular class of characters; each has a name starting with @samp{is}.
+-Each of them takes one argument, which is a character to test, and
+-returns an @code{int} which is treated as a boolean value. The
+-character argument is passed as an @code{int}, and it may be the
+-constant value @code{EOF} instead of a real character.
+-
+-The attributes of any given character can vary between locales.
+-@xref{Locales}, for more information on locales.@refill
+-
+-These functions are declared in the header file @file{ctype.h}.
+-@pindex ctype.h
+-
+-@cindex lower-case character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int islower (int @var{c})
+-Returns true if @var{c} is a lower-case letter. The letter need not be
+-from the Latin alphabet, any alphabet representable is valid.
+-@end deftypefun
+-
+-@cindex upper-case character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isupper (int @var{c})
+-Returns true if @var{c} is an upper-case letter. The letter need not be
+-from the Latin alphabet, any alphabet representable is valid.
+-@end deftypefun
+-
+-@cindex alphabetic character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isalpha (int @var{c})
+-Returns true if @var{c} is an alphabetic character (a letter). If
+-@code{islower} or @code{isupper} is true of a character, then
+-@code{isalpha} is also true.
+-
+-In some locales, there may be additional characters for which
+-@code{isalpha} is true---letters which are neither upper case nor lower
+-case. But in the standard @code{"C"} locale, there are no such
+-additional characters.
+-@end deftypefun
+-
+-@cindex digit character
+-@cindex decimal digit character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isdigit (int @var{c})
+-Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
+-@end deftypefun
+-
+-@cindex alphanumeric character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isalnum (int @var{c})
+-Returns true if @var{c} is an alphanumeric character (a letter or
+-number); in other words, if either @code{isalpha} or @code{isdigit} is
+-true of a character, then @code{isalnum} is also true.
+-@end deftypefun
+-
+-@cindex hexadecimal digit character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isxdigit (int @var{c})
+-Returns true if @var{c} is a hexadecimal digit.
+-Hexadecimal digits include the normal decimal digits @samp{0} through
+-@samp{9} and the letters @samp{A} through @samp{F} and
+-@samp{a} through @samp{f}.
+-@end deftypefun
+-
+-@cindex punctuation character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int ispunct (int @var{c})
+-Returns true if @var{c} is a punctuation character.
+-This means any printing character that is not alphanumeric or a space
+-character.
+-@end deftypefun
+-
+-@cindex whitespace character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isspace (int @var{c})
+-Returns true if @var{c} is a @dfn{whitespace} character. In the standard
+-@code{"C"} locale, @code{isspace} returns true for only the standard
+-whitespace characters:
+-
+-@table @code
+-@item ' '
+-space
+-
+-@item '\f'
+-formfeed
+-
+-@item '\n'
+-newline
+-
+-@item '\r'
+-carriage return
+-
+-@item '\t'
+-horizontal tab
+-
+-@item '\v'
+-vertical tab
+-@end table
+-@end deftypefun
+-
+-@cindex blank character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isblank (int @var{c})
+-Returns true if @var{c} is a blank character; that is, a space or a tab.
+-This function was originally a GNU extension, but was added in @w{ISO C99}.
+-@end deftypefun
+-
+-@cindex graphic character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isgraph (int @var{c})
+-Returns true if @var{c} is a graphic character; that is, a character
+-that has a glyph associated with it. The whitespace characters are not
+-considered graphic.
+-@end deftypefun
+-
+-@cindex printing character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int isprint (int @var{c})
+-Returns true if @var{c} is a printing character. Printing characters
+-include all the graphic characters, plus the space (@samp{ }) character.
+-@end deftypefun
+-
+-@cindex control character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int iscntrl (int @var{c})
+-Returns true if @var{c} is a control character (that is, a character that
+-is not a printing character).
+-@end deftypefun
+-
+-@cindex ASCII character
+-@comment ctype.h
+-@comment SVID, BSD
+-@deftypefun int isascii (int @var{c})
+-Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
+-into the US/UK ASCII character set. This function is a BSD extension
+-and is also an SVID extension.
+-@end deftypefun
+-
+-@node Case Conversion, Classification of Wide Characters, Classification of Characters, Character Handling
+-@section Case Conversion
+-@cindex character case conversion
+-@cindex case conversion of characters
+-@cindex converting case of characters
+-
+-This section explains the library functions for performing conversions
+-such as case mappings on characters. For example, @code{toupper}
+-converts any character to upper case if possible. If the character
+-can't be converted, @code{toupper} returns it unchanged.
+-
+-These functions take one argument of type @code{int}, which is the
+-character to convert, and return the converted character as an
+-@code{int}. If the conversion is not applicable to the argument given,
+-the argument is returned unchanged.
+-
+-@strong{Compatibility Note:} In pre-@w{ISO C} dialects, instead of
+-returning the argument unchanged, these functions may fail when the
+-argument is not suitable for the conversion. Thus for portability, you
+-may need to write @code{islower(c) ? toupper(c) : c} rather than just
+-@code{toupper(c)}.
+-
+-These functions are declared in the header file @file{ctype.h}.
+-@pindex ctype.h
+-
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int tolower (int @var{c})
+-If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
+-lower-case letter. If @var{c} is not an upper-case letter,
+-@var{c} is returned unchanged.
+-@end deftypefun
+-
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int toupper (int @var{c})
+-If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
+-upper-case letter. Otherwise @var{c} is returned unchanged.
+-@end deftypefun
+-
+-@comment ctype.h
+-@comment SVID, BSD
+-@deftypefun int toascii (int @var{c})
+-This function converts @var{c} to a 7-bit @code{unsigned char} value
+-that fits into the US/UK ASCII character set, by clearing the high-order
+-bits. This function is a BSD extension and is also an SVID extension.
+-@end deftypefun
+-
+-@comment ctype.h
+-@comment SVID
+-@deftypefun int _tolower (int @var{c})
+-This is identical to @code{tolower}, and is provided for compatibility
+-with the SVID. @xref{SVID}.@refill
+-@end deftypefun
+-
+-@comment ctype.h
+-@comment SVID
+-@deftypefun int _toupper (int @var{c})
+-This is identical to @code{toupper}, and is provided for compatibility
+-with the SVID.
+-@end deftypefun
+-
+-
+-@node Classification of Wide Characters, Using Wide Char Classes, Case Conversion, Character Handling
+-@section Character class determination for wide characters
+-
+-@w{Amendment 1} to @w{ISO C90} defines functions to classify wide
+-characters. Although the original @w{ISO C90} standard already defined
+-the type @code{wchar_t}, no functions operating on them were defined.
+-
+-The general design of the classification functions for wide characters
+-is more general. It allows extensions to the set of available
+-classifications, beyond those which are always available. The POSIX
+-standard specifies how extensions can be made, and this is already
+-implemented in the @glibcadj{} implementation of the @code{localedef}
+-program.
+-
+-The character class functions are normally implemented with bitsets,
+-with a bitset per character. For a given character, the appropriate
+-bitset is read from a table and a test is performed as to whether a
+-certain bit is set. Which bit is tested for is determined by the
+-class.
+-
+-For the wide character classification functions this is made visible.
+-There is a type classification type defined, a function to retrieve this
+-value for a given class, and a function to test whether a given
+-character is in this class, using the classification value. On top of
+-this the normal character classification functions as used for
+-@code{char} objects can be defined.
+-
+-@comment wctype.h
+-@comment ISO
+-@deftp {Data type} wctype_t
+-The @code{wctype_t} can hold a value which represents a character class.
+-The only defined way to generate such a value is by using the
+-@code{wctype} function.
+-
+-@pindex wctype.h
+-This type is defined in @file{wctype.h}.
+-@end deftp
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wctype_t wctype (const char *@var{property})
+-The @code{wctype} returns a value representing a class of wide
+-characters which is identified by the string @var{property}. Beside
+-some standard properties each locale can define its own ones. In case
+-no property with the given name is known for the current locale
+-selected for the @code{LC_CTYPE} category, the function returns zero.
+-
+-@noindent
+-The properties known in every locale are:
+-
+-@multitable @columnfractions .25 .25 .25 .25
+-@item
+-@code{"alnum"} @tab @code{"alpha"} @tab @code{"cntrl"} @tab @code{"digit"}
+-@item
+-@code{"graph"} @tab @code{"lower"} @tab @code{"print"} @tab @code{"punct"}
+-@item
+-@code{"space"} @tab @code{"upper"} @tab @code{"xdigit"}
+-@end multitable
+-
+-@pindex wctype.h
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-To test the membership of a character to one of the non-standard classes
+-the @w{ISO C} standard defines a completely new function.
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+-This function returns a nonzero value if @var{wc} is in the character
+-class specified by @var{desc}. @var{desc} must previously be returned
+-by a successful call to @code{wctype}.
+-
+-@pindex wctype.h
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-To make it easier to use the commonly-used classification functions,
+-they are defined in the C library. There is no need to use
+-@code{wctype} if the property string is one of the known character
+-classes. In some situations it is desirable to construct the property
+-strings, and then it is important that @code{wctype} can also handle the
+-standard classes.
+-
+-@cindex alphanumeric character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswalnum (wint_t @var{wc})
+-This function returns a nonzero value if @var{wc} is an alphanumeric
+-character (a letter or number); in other words, if either @code{iswalpha}
+-or @code{iswdigit} is true of a character, then @code{iswalnum} is also
+-true.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("alnum"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex alphabetic character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswalpha (wint_t @var{wc})
+-Returns true if @var{wc} is an alphabetic character (a letter). If
+-@code{iswlower} or @code{iswupper} is true of a character, then
+-@code{iswalpha} is also true.
+-
+-In some locales, there may be additional characters for which
+-@code{iswalpha} is true---letters which are neither upper case nor lower
+-case. But in the standard @code{"C"} locale, there are no such
+-additional characters.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("alpha"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex control character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswcntrl (wint_t @var{wc})
+-Returns true if @var{wc} is a control character (that is, a character that
+-is not a printing character).
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("cntrl"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex digit character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswdigit (wint_t @var{wc})
+-Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
+-Please note that this function does not only return a nonzero value for
+-@emph{decimal} digits, but for all kinds of digits. A consequence is
+-that code like the following will @strong{not} work unconditionally for
+-wide characters:
+-
+-@smallexample
+-n = 0;
+-while (iswdigit (*wc))
+- @{
+- n *= 10;
+- n += *wc++ - L'0';
+- @}
+-@end smallexample
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("digit"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex graphic character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswgraph (wint_t @var{wc})
+-Returns true if @var{wc} is a graphic character; that is, a character
+-that has a glyph associated with it. The whitespace characters are not
+-considered graphic.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("graph"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex lower-case character
+-@comment ctype.h
+-@comment ISO
+-@deftypefun int iswlower (wint_t @var{wc})
+-Returns true if @var{wc} is a lower-case letter. The letter need not be
+-from the Latin alphabet, any alphabet representable is valid.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("lower"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex printing character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswprint (wint_t @var{wc})
+-Returns true if @var{wc} is a printing character. Printing characters
+-include all the graphic characters, plus the space (@samp{ }) character.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("print"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex punctuation character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswpunct (wint_t @var{wc})
+-Returns true if @var{wc} is a punctuation character.
+-This means any printing character that is not alphanumeric or a space
+-character.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("punct"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex whitespace character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswspace (wint_t @var{wc})
+-Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
+-@code{"C"} locale, @code{iswspace} returns true for only the standard
+-whitespace characters:
+-
+-@table @code
+-@item L' '
+-space
+-
+-@item L'\f'
+-formfeed
+-
+-@item L'\n'
+-newline
+-
+-@item L'\r'
+-carriage return
+-
+-@item L'\t'
+-horizontal tab
+-
+-@item L'\v'
+-vertical tab
+-@end table
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("space"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex upper-case character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswupper (wint_t @var{wc})
+-Returns true if @var{wc} is an upper-case letter. The letter need not be
+-from the Latin alphabet, any alphabet representable is valid.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("upper"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@cindex hexadecimal digit character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswxdigit (wint_t @var{wc})
+-Returns true if @var{wc} is a hexadecimal digit.
+-Hexadecimal digits include the normal decimal digits @samp{0} through
+-@samp{9} and the letters @samp{A} through @samp{F} and
+-@samp{a} through @samp{f}.
+-
+-@noindent
+-This function can be implemented using
+-
+-@smallexample
+-iswctype (wc, wctype ("xdigit"))
+-@end smallexample
+-
+-@pindex wctype.h
+-It is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@Theglibc{} also provides a function which is not defined in the
+-@w{ISO C} standard but which is available as a version for single byte
+-characters as well.
+-
+-@cindex blank character
+-@comment wctype.h
+-@comment ISO
+-@deftypefun int iswblank (wint_t @var{wc})
+-Returns true if @var{wc} is a blank character; that is, a space or a tab.
+-This function was originally a GNU extension, but was added in @w{ISO C99}.
+-It is declared in @file{wchar.h}.
+-@end deftypefun
+-
+-@node Using Wide Char Classes, Wide Character Case Conversion, Classification of Wide Characters, Character Handling
+-@section Notes on using the wide character classes
+-
+-The first note is probably not astonishing but still occasionally a
+-cause of problems. The @code{isw@var{XXX}} functions can be implemented
+-using macros and in fact, @theglibc{} does this. They are still
+-available as real functions but when the @file{wctype.h} header is
+-included the macros will be used. This is the same as the
+-@code{char} type versions of these functions.
+-
+-The second note covers something new. It can be best illustrated by a
+-(real-world) example. The first piece of code is an excerpt from the
+-original code. It is truncated a bit but the intention should be clear.
+-
+-@smallexample
+-int
+-is_in_class (int c, const char *class)
+-@{
+- if (strcmp (class, "alnum") == 0)
+- return isalnum (c);
+- if (strcmp (class, "alpha") == 0)
+- return isalpha (c);
+- if (strcmp (class, "cntrl") == 0)
+- return iscntrl (c);
+- @dots{}
+- return 0;
+-@}
+-@end smallexample
+-
+-Now, with the @code{wctype} and @code{iswctype} you can avoid the
+-@code{if} cascades, but rewriting the code as follows is wrong:
+-
+-@smallexample
+-int
+-is_in_class (int c, const char *class)
+-@{
+- wctype_t desc = wctype (class);
+- return desc ? iswctype ((wint_t) c, desc) : 0;
+-@}
+-@end smallexample
+-
+-The problem is that it is not guaranteed that the wide character
+-representation of a single-byte character can be found using casting.
+-In fact, usually this fails miserably. The correct solution to this
+-problem is to write the code as follows:
+-
+-@smallexample
+-int
+-is_in_class (int c, const char *class)
+-@{
+- wctype_t desc = wctype (class);
+- return desc ? iswctype (btowc (c), desc) : 0;
+-@}
+-@end smallexample
+-
+-@xref{Converting a Character}, for more information on @code{btowc}.
+-Note that this change probably does not improve the performance
+-of the program a lot since the @code{wctype} function still has to make
+-the string comparisons. It gets really interesting if the
+-@code{is_in_class} function is called more than once for the
+-same class name. In this case the variable @var{desc} could be computed
+-once and reused for all the calls. Therefore the above form of the
+-function is probably not the final one.
+-
+-
+-@node Wide Character Case Conversion, , Using Wide Char Classes, Character Handling
+-@section Mapping of wide characters.
+-
+-The classification functions are also generalized by the @w{ISO C}
+-standard. Instead of just allowing the two standard mappings, a
+-locale can contain others. Again, the @code{localedef} program
+-already supports generating such locale data files.
+-
+-@comment wctype.h
+-@comment ISO
+-@deftp {Data Type} wctrans_t
+-This data type is defined as a scalar type which can hold a value
+-representing the locale-dependent character mapping. There is no way to
+-construct such a value apart from using the return value of the
+-@code{wctrans} function.
+-
+-@pindex wctype.h
+-@noindent
+-This type is defined in @file{wctype.h}.
+-@end deftp
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wctrans_t wctrans (const char *@var{property})
+-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+-The @code{wctrans} function has to be used to find out whether a named
+-mapping is defined in the current locale selected for the
+-@code{LC_CTYPE} category. If the returned value is non-zero, you can use
+-it afterwards in calls to @code{towctrans}. If the return value is
+-zero no such mapping is known in the current locale.
+-
+-Beside locale-specific mappings there are two mappings which are
+-guaranteed to be available in every locale:
+-
+-@multitable @columnfractions .5 .5
+-@item
+-@code{"tolower"} @tab @code{"toupper"}
+-@end multitable
+-
+-@pindex wctype.h
+-@noindent
+-These functions are declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+-@code{towctrans} maps the input character @var{wc}
+-according to the rules of the mapping for which @var{desc} is a
+-descriptor, and returns the value it finds. @var{desc} must be
+-obtained by a successful call to @code{wctrans}.
+-
+-@pindex wctype.h
+-@noindent
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-For the generally available mappings, the @w{ISO C} standard defines
+-convenient shortcuts so that it is not necessary to call @code{wctrans}
+-for them.
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wint_t towlower (wint_t @var{wc})
+-If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
+-lower-case letter. If @var{wc} is not an upper-case letter,
+-@var{wc} is returned unchanged.
+-
+-@noindent
+-@code{towlower} can be implemented using
+-
+-@smallexample
+-towctrans (wc, wctrans ("tolower"))
+-@end smallexample
+-
+-@pindex wctype.h
+-@noindent
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-@comment wctype.h
+-@comment ISO
+-@deftypefun wint_t towupper (wint_t @var{wc})
+-If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
+-upper-case letter. Otherwise @var{wc} is returned unchanged.
+-
+-@noindent
+-@code{towupper} can be implemented using
+-
+-@smallexample
+-towctrans (wc, wctrans ("toupper"))
+-@end smallexample
+-
+-@pindex wctype.h
+-@noindent
+-This function is declared in @file{wctype.h}.
+-@end deftypefun
+-
+-The same warnings given in the last section for the use of the wide
+-character classification functions apply here. It is not possible to
+-simply cast a @code{char} type value to a @code{wint_t} and use it as an
+-argument to @code{towctrans} calls.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=db2ee3a6f7f5658cf70172ca995df47e3b27c3a0
commit db2ee3a6f7f5658cf70172ca995df47e3b27c3a0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:43:21 2013 -0300
Refresh of manual-document-mt-safety-ctype.patch
diff --git a/manual/ctype.texi b/manual/ctype.texi
deleted file mode 100644
index f05d509..0000000
--- a/manual/ctype.texi
+++ /dev/null
@@ -1,772 +0,0 @@
-@node Character Handling, String and Array Utilities, Memory, Top
-@c %MENU% Character testing and conversion functions
-@chapter Character Handling
-
-Programs that work with characters and strings often need to classify a
-character---is it alphabetic, is it a digit, is it whitespace, and so
-on---and perform case conversion operations on characters. The
-functions in the header file @file{ctype.h} are provided for this
-purpose.
-@pindex ctype.h
-
-Since the choice of locale and character set can alter the
-classifications of particular character codes, all of these functions
-are affected by the current locale. (More precisely, they are affected
-by the locale currently selected for character classification---the
-@code{LC_CTYPE} category; see @ref{Locale Categories}.)
-
-The @w{ISO C} standard specifies two different sets of functions. The
-one set works on @code{char} type characters, the other one on
-@code{wchar_t} wide characters (@pxref{Extended Char Intro}).
-
-@menu
-* Classification of Characters:: Testing whether characters are
- letters, digits, punctuation, etc.
-
-* Case Conversion:: Case mapping, and the like.
-* Classification of Wide Characters:: Character class determination for
- wide characters.
-* Using Wide Char Classes:: Notes on using the wide character
- classes.
-* Wide Character Case Conversion:: Mapping of wide characters.
-@end menu
-
-@node Classification of Characters, Case Conversion, , Character Handling
-@section Classification of Characters
-@cindex character testing
-@cindex classification of characters
-@cindex predicates on characters
-@cindex character predicates
-
-This section explains the library functions for classifying characters.
-For example, @code{isalpha} is the function to test for an alphabetic
-character. It takes one argument, the character to test, and returns a
-nonzero integer if the character is alphabetic, and zero otherwise. You
-would use it like this:
-
-@smallexample
-if (isalpha (c))
- printf ("The character `%c' is alphabetic.\n", c);
-@end smallexample
-
-Each of the functions in this section tests for membership in a
-particular class of characters; each has a name starting with @samp{is}.
-Each of them takes one argument, which is a character to test, and
-returns an @code{int} which is treated as a boolean value. The
-character argument is passed as an @code{int}, and it may be the
-constant value @code{EOF} instead of a real character.
-
-The attributes of any given character can vary between locales.
-@xref{Locales}, for more information on locales.@refill
-
-These functions are declared in the header file @file{ctype.h}.
-@pindex ctype.h
-
-@cindex lower-case character
-@comment ctype.h
-@comment ISO
-@deftypefun int islower (int @var{c})
-Returns true if @var{c} is a lower-case letter. The letter need not be
-from the Latin alphabet, any alphabet representable is valid.
-@end deftypefun
-
-@cindex upper-case character
-@comment ctype.h
-@comment ISO
-@deftypefun int isupper (int @var{c})
-Returns true if @var{c} is an upper-case letter. The letter need not be
-from the Latin alphabet, any alphabet representable is valid.
-@end deftypefun
-
-@cindex alphabetic character
-@comment ctype.h
-@comment ISO
-@deftypefun int isalpha (int @var{c})
-Returns true if @var{c} is an alphabetic character (a letter). If
-@code{islower} or @code{isupper} is true of a character, then
-@code{isalpha} is also true.
-
-In some locales, there may be additional characters for which
-@code{isalpha} is true---letters which are neither upper case nor lower
-case. But in the standard @code{"C"} locale, there are no such
-additional characters.
-@end deftypefun
-
-@cindex digit character
-@cindex decimal digit character
-@comment ctype.h
-@comment ISO
-@deftypefun int isdigit (int @var{c})
-Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
-@end deftypefun
-
-@cindex alphanumeric character
-@comment ctype.h
-@comment ISO
-@deftypefun int isalnum (int @var{c})
-Returns true if @var{c} is an alphanumeric character (a letter or
-number); in other words, if either @code{isalpha} or @code{isdigit} is
-true of a character, then @code{isalnum} is also true.
-@end deftypefun
-
-@cindex hexadecimal digit character
-@comment ctype.h
-@comment ISO
-@deftypefun int isxdigit (int @var{c})
-Returns true if @var{c} is a hexadecimal digit.
-Hexadecimal digits include the normal decimal digits @samp{0} through
-@samp{9} and the letters @samp{A} through @samp{F} and
-@samp{a} through @samp{f}.
-@end deftypefun
-
-@cindex punctuation character
-@comment ctype.h
-@comment ISO
-@deftypefun int ispunct (int @var{c})
-Returns true if @var{c} is a punctuation character.
-This means any printing character that is not alphanumeric or a space
-character.
-@end deftypefun
-
-@cindex whitespace character
-@comment ctype.h
-@comment ISO
-@deftypefun int isspace (int @var{c})
-Returns true if @var{c} is a @dfn{whitespace} character. In the standard
-@code{"C"} locale, @code{isspace} returns true for only the standard
-whitespace characters:
-
-@table @code
-@item ' '
-space
-
-@item '\f'
-formfeed
-
-@item '\n'
-newline
-
-@item '\r'
-carriage return
-
-@item '\t'
-horizontal tab
-
-@item '\v'
-vertical tab
-@end table
-@end deftypefun
-
-@cindex blank character
-@comment ctype.h
-@comment ISO
-@deftypefun int isblank (int @var{c})
-Returns true if @var{c} is a blank character; that is, a space or a tab.
-This function was originally a GNU extension, but was added in @w{ISO C99}.
-@end deftypefun
-
-@cindex graphic character
-@comment ctype.h
-@comment ISO
-@deftypefun int isgraph (int @var{c})
-Returns true if @var{c} is a graphic character; that is, a character
-that has a glyph associated with it. The whitespace characters are not
-considered graphic.
-@end deftypefun
-
-@cindex printing character
-@comment ctype.h
-@comment ISO
-@deftypefun int isprint (int @var{c})
-Returns true if @var{c} is a printing character. Printing characters
-include all the graphic characters, plus the space (@samp{ }) character.
-@end deftypefun
-
-@cindex control character
-@comment ctype.h
-@comment ISO
-@deftypefun int iscntrl (int @var{c})
-Returns true if @var{c} is a control character (that is, a character that
-is not a printing character).
-@end deftypefun
-
-@cindex ASCII character
-@comment ctype.h
-@comment SVID, BSD
-@deftypefun int isascii (int @var{c})
-Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
-into the US/UK ASCII character set. This function is a BSD extension
-and is also an SVID extension.
-@end deftypefun
-
-@node Case Conversion, Classification of Wide Characters, Classification of Characters, Character Handling
-@section Case Conversion
-@cindex character case conversion
-@cindex case conversion of characters
-@cindex converting case of characters
-
-This section explains the library functions for performing conversions
-such as case mappings on characters. For example, @code{toupper}
-converts any character to upper case if possible. If the character
-can't be converted, @code{toupper} returns it unchanged.
-
-These functions take one argument of type @code{int}, which is the
-character to convert, and return the converted character as an
-@code{int}. If the conversion is not applicable to the argument given,
-the argument is returned unchanged.
-
-@strong{Compatibility Note:} In pre-@w{ISO C} dialects, instead of
-returning the argument unchanged, these functions may fail when the
-argument is not suitable for the conversion. Thus for portability, you
-may need to write @code{islower(c) ? toupper(c) : c} rather than just
-@code{toupper(c)}.
-
-These functions are declared in the header file @file{ctype.h}.
-@pindex ctype.h
-
-@comment ctype.h
-@comment ISO
-@deftypefun int tolower (int @var{c})
-If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
-lower-case letter. If @var{c} is not an upper-case letter,
-@var{c} is returned unchanged.
-@end deftypefun
-
-@comment ctype.h
-@comment ISO
-@deftypefun int toupper (int @var{c})
-If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
-upper-case letter. Otherwise @var{c} is returned unchanged.
-@end deftypefun
-
-@comment ctype.h
-@comment SVID, BSD
-@deftypefun int toascii (int @var{c})
-This function converts @var{c} to a 7-bit @code{unsigned char} value
-that fits into the US/UK ASCII character set, by clearing the high-order
-bits. This function is a BSD extension and is also an SVID extension.
-@end deftypefun
-
-@comment ctype.h
-@comment SVID
-@deftypefun int _tolower (int @var{c})
-This is identical to @code{tolower}, and is provided for compatibility
-with the SVID. @xref{SVID}.@refill
-@end deftypefun
-
-@comment ctype.h
-@comment SVID
-@deftypefun int _toupper (int @var{c})
-This is identical to @code{toupper}, and is provided for compatibility
-with the SVID.
-@end deftypefun
-
-
-@node Classification of Wide Characters, Using Wide Char Classes, Case Conversion, Character Handling
-@section Character class determination for wide characters
-
-@w{Amendment 1} to @w{ISO C90} defines functions to classify wide
-characters. Although the original @w{ISO C90} standard already defined
-the type @code{wchar_t}, no functions operating on them were defined.
-
-The general design of the classification functions for wide characters
-is more general. It allows extensions to the set of available
-classifications, beyond those which are always available. The POSIX
-standard specifies how extensions can be made, and this is already
-implemented in the @glibcadj{} implementation of the @code{localedef}
-program.
-
-The character class functions are normally implemented with bitsets,
-with a bitset per character. For a given character, the appropriate
-bitset is read from a table and a test is performed as to whether a
-certain bit is set. Which bit is tested for is determined by the
-class.
-
-For the wide character classification functions this is made visible.
-There is a type classification type defined, a function to retrieve this
-value for a given class, and a function to test whether a given
-character is in this class, using the classification value. On top of
-this the normal character classification functions as used for
-@code{char} objects can be defined.
-
-@comment wctype.h
-@comment ISO
-@deftp {Data type} wctype_t
-The @code{wctype_t} can hold a value which represents a character class.
-The only defined way to generate such a value is by using the
-@code{wctype} function.
-
-@pindex wctype.h
-This type is defined in @file{wctype.h}.
-@end deftp
-
-@comment wctype.h
-@comment ISO
-@deftypefun wctype_t wctype (const char *@var{property})
-The @code{wctype} returns a value representing a class of wide
-characters which is identified by the string @var{property}. Beside
-some standard properties each locale can define its own ones. In case
-no property with the given name is known for the current locale
-selected for the @code{LC_CTYPE} category, the function returns zero.
-
-@noindent
-The properties known in every locale are:
-
-@multitable @columnfractions .25 .25 .25 .25
-@item
-@code{"alnum"} @tab @code{"alpha"} @tab @code{"cntrl"} @tab @code{"digit"}
-@item
-@code{"graph"} @tab @code{"lower"} @tab @code{"print"} @tab @code{"punct"}
-@item
-@code{"space"} @tab @code{"upper"} @tab @code{"xdigit"}
-@end multitable
-
-@pindex wctype.h
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-To test the membership of a character to one of the non-standard classes
-the @w{ISO C} standard defines a completely new function.
-
-@comment wctype.h
-@comment ISO
-@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
-This function returns a nonzero value if @var{wc} is in the character
-class specified by @var{desc}. @var{desc} must previously be returned
-by a successful call to @code{wctype}.
-
-@pindex wctype.h
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-To make it easier to use the commonly-used classification functions,
-they are defined in the C library. There is no need to use
-@code{wctype} if the property string is one of the known character
-classes. In some situations it is desirable to construct the property
-strings, and then it is important that @code{wctype} can also handle the
-standard classes.
-
-@cindex alphanumeric character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswalnum (wint_t @var{wc})
-This function returns a nonzero value if @var{wc} is an alphanumeric
-character (a letter or number); in other words, if either @code{iswalpha}
-or @code{iswdigit} is true of a character, then @code{iswalnum} is also
-true.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("alnum"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex alphabetic character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswalpha (wint_t @var{wc})
-Returns true if @var{wc} is an alphabetic character (a letter). If
-@code{iswlower} or @code{iswupper} is true of a character, then
-@code{iswalpha} is also true.
-
-In some locales, there may be additional characters for which
-@code{iswalpha} is true---letters which are neither upper case nor lower
-case. But in the standard @code{"C"} locale, there are no such
-additional characters.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("alpha"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex control character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswcntrl (wint_t @var{wc})
-Returns true if @var{wc} is a control character (that is, a character that
-is not a printing character).
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("cntrl"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex digit character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswdigit (wint_t @var{wc})
-Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
-Please note that this function does not only return a nonzero value for
-@emph{decimal} digits, but for all kinds of digits. A consequence is
-that code like the following will @strong{not} work unconditionally for
-wide characters:
-
-@smallexample
-n = 0;
-while (iswdigit (*wc))
- @{
- n *= 10;
- n += *wc++ - L'0';
- @}
-@end smallexample
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("digit"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex graphic character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswgraph (wint_t @var{wc})
-Returns true if @var{wc} is a graphic character; that is, a character
-that has a glyph associated with it. The whitespace characters are not
-considered graphic.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("graph"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex lower-case character
-@comment ctype.h
-@comment ISO
-@deftypefun int iswlower (wint_t @var{wc})
-Returns true if @var{wc} is a lower-case letter. The letter need not be
-from the Latin alphabet, any alphabet representable is valid.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("lower"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex printing character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswprint (wint_t @var{wc})
-Returns true if @var{wc} is a printing character. Printing characters
-include all the graphic characters, plus the space (@samp{ }) character.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("print"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex punctuation character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswpunct (wint_t @var{wc})
-Returns true if @var{wc} is a punctuation character.
-This means any printing character that is not alphanumeric or a space
-character.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("punct"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex whitespace character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswspace (wint_t @var{wc})
-Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
-@code{"C"} locale, @code{iswspace} returns true for only the standard
-whitespace characters:
-
-@table @code
-@item L' '
-space
-
-@item L'\f'
-formfeed
-
-@item L'\n'
-newline
-
-@item L'\r'
-carriage return
-
-@item L'\t'
-horizontal tab
-
-@item L'\v'
-vertical tab
-@end table
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("space"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex upper-case character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswupper (wint_t @var{wc})
-Returns true if @var{wc} is an upper-case letter. The letter need not be
-from the Latin alphabet, any alphabet representable is valid.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("upper"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex hexadecimal digit character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswxdigit (wint_t @var{wc})
-Returns true if @var{wc} is a hexadecimal digit.
-Hexadecimal digits include the normal decimal digits @samp{0} through
-@samp{9} and the letters @samp{A} through @samp{F} and
-@samp{a} through @samp{f}.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("xdigit"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@Theglibc{} also provides a function which is not defined in the
-@w{ISO C} standard but which is available as a version for single byte
-characters as well.
-
-@cindex blank character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswblank (wint_t @var{wc})
-Returns true if @var{wc} is a blank character; that is, a space or a tab.
-This function was originally a GNU extension, but was added in @w{ISO C99}.
-It is declared in @file{wchar.h}.
-@end deftypefun
-
-@node Using Wide Char Classes, Wide Character Case Conversion, Classification of Wide Characters, Character Handling
-@section Notes on using the wide character classes
-
-The first note is probably not astonishing but still occasionally a
-cause of problems. The @code{isw@var{XXX}} functions can be implemented
-using macros and in fact, @theglibc{} does this. They are still
-available as real functions but when the @file{wctype.h} header is
-included the macros will be used. This is the same as the
-@code{char} type versions of these functions.
-
-The second note covers something new. It can be best illustrated by a
-(real-world) example. The first piece of code is an excerpt from the
-original code. It is truncated a bit but the intention should be clear.
-
-@smallexample
-int
-is_in_class (int c, const char *class)
-@{
- if (strcmp (class, "alnum") == 0)
- return isalnum (c);
- if (strcmp (class, "alpha") == 0)
- return isalpha (c);
- if (strcmp (class, "cntrl") == 0)
- return iscntrl (c);
- @dots{}
- return 0;
-@}
-@end smallexample
-
-Now, with the @code{wctype} and @code{iswctype} you can avoid the
-@code{if} cascades, but rewriting the code as follows is wrong:
-
-@smallexample
-int
-is_in_class (int c, const char *class)
-@{
- wctype_t desc = wctype (class);
- return desc ? iswctype ((wint_t) c, desc) : 0;
-@}
-@end smallexample
-
-The problem is that it is not guaranteed that the wide character
-representation of a single-byte character can be found using casting.
-In fact, usually this fails miserably. The correct solution to this
-problem is to write the code as follows:
-
-@smallexample
-int
-is_in_class (int c, const char *class)
-@{
- wctype_t desc = wctype (class);
- return desc ? iswctype (btowc (c), desc) : 0;
-@}
-@end smallexample
-
-@xref{Converting a Character}, for more information on @code{btowc}.
-Note that this change probably does not improve the performance
-of the program a lot since the @code{wctype} function still has to make
-the string comparisons. It gets really interesting if the
-@code{is_in_class} function is called more than once for the
-same class name. In this case the variable @var{desc} could be computed
-once and reused for all the calls. Therefore the above form of the
-function is probably not the final one.
-
-
-@node Wide Character Case Conversion, , Using Wide Char Classes, Character Handling
-@section Mapping of wide characters.
-
-The classification functions are also generalized by the @w{ISO C}
-standard. Instead of just allowing the two standard mappings, a
-locale can contain others. Again, the @code{localedef} program
-already supports generating such locale data files.
-
-@comment wctype.h
-@comment ISO
-@deftp {Data Type} wctrans_t
-This data type is defined as a scalar type which can hold a value
-representing the locale-dependent character mapping. There is no way to
-construct such a value apart from using the return value of the
-@code{wctrans} function.
-
-@pindex wctype.h
-@noindent
-This type is defined in @file{wctype.h}.
-@end deftp
-
-@comment wctype.h
-@comment ISO
-@deftypefun wctrans_t wctrans (const char *@var{property})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
-The @code{wctrans} function has to be used to find out whether a named
-mapping is defined in the current locale selected for the
-@code{LC_CTYPE} category. If the returned value is non-zero, you can use
-it afterwards in calls to @code{towctrans}. If the return value is
-zero no such mapping is known in the current locale.
-
-Beside locale-specific mappings there are two mappings which are
-guaranteed to be available in every locale:
-
-@multitable @columnfractions .5 .5
-@item
-@code{"tolower"} @tab @code{"toupper"}
-@end multitable
-
-@pindex wctype.h
-@noindent
-These functions are declared in @file{wctype.h}.
-@end deftypefun
-
-@comment wctype.h
-@comment ISO
-@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
-@code{towctrans} maps the input character @var{wc}
-according to the rules of the mapping for which @var{desc} is a
-descriptor, and returns the value it finds. @var{desc} must be
-obtained by a successful call to @code{wctrans}.
-
-@pindex wctype.h
-@noindent
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-For the generally available mappings, the @w{ISO C} standard defines
-convenient shortcuts so that it is not necessary to call @code{wctrans}
-for them.
-
-@comment wctype.h
-@comment ISO
-@deftypefun wint_t towlower (wint_t @var{wc})
-If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
-lower-case letter. If @var{wc} is not an upper-case letter,
-@var{wc} is returned unchanged.
-
-@noindent
-@code{towlower} can be implemented using
-
-@smallexample
-towctrans (wc, wctrans ("tolower"))
-@end smallexample
-
-@pindex wctype.h
-@noindent
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-@comment wctype.h
-@comment ISO
-@deftypefun wint_t towupper (wint_t @var{wc})
-If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
-upper-case letter. Otherwise @var{wc} is returned unchanged.
-
-@noindent
-@code{towupper} can be implemented using
-
-@smallexample
-towctrans (wc, wctrans ("toupper"))
-@end smallexample
-
-@pindex wctype.h
-@noindent
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-The same warnings given in the last section for the use of the wide
-character classification functions apply here. It is not possible to
-simply cast a @code{char} type value to a @code{wint_t} and use it as an
-argument to @code{towctrans} calls.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fa0e164579ef7d32d41b16568c2074df2d84ea0d
commit fa0e164579ef7d32d41b16568c2074df2d84ea0d
Merge: 0c6b51e cbc4be3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:40:18 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0c6b51ef21491ce02925e57be1ad62a3092f80bd
commit 0c6b51ef21491ce02925e57be1ad62a3092f80bd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:40:18 2013 -0300
pop
diff --git a/meta b/meta
index ef3aba8..67da860 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: baea205847066607047dd828d088c2a21b4fe579
-Head: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
+Previous: cbc4be3ddd767d1a801d3f67429eac5fff0e8967
+Head: fbb71ce3cced40f87c25964011852d114f327c36
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: fbb71ce3cced40f87c25964011852d114f327c36
- manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Unapplied:
+ manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=cbc4be3ddd767d1a801d3f67429eac5fff0e8967
commit cbc4be3ddd767d1a801d3f67429eac5fff0e8967
Merge: 2d1d41c baea205
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:40:14 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2d1d41c7d1961ee9a8f9af4f26f29cabeb0e9b14
commit 2d1d41c7d1961ee9a8f9af4f26f29cabeb0e9b14
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:40:14 2013 -0300
push
diff --git a/meta b/meta
index a20a64c..ef3aba8 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 379d50f1e70eccec6d2d0ac9d0dd082a9b27a50e
-Head: fbb71ce3cced40f87c25964011852d114f327c36
+Previous: baea205847066607047dd828d088c2a21b4fe579
+Head: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: fbb71ce3cced40f87c25964011852d114f327c36
-Unapplied:
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
+Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=baea205847066607047dd828d088c2a21b4fe579
commit baea205847066607047dd828d088c2a21b4fe579
Merge: e1993fd 379d50f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:40:09 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e1993fd328095ec2bac2ce9d8c27be4419a1e6db
commit e1993fd328095ec2bac2ce9d8c27be4419a1e6db
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:40:09 2013 -0300
pop
diff --git a/meta b/meta
index e28cb54..a20a64c 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 68ad03a2bd4e779f8534fbbf955a2379d7675d61
-Head: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
+Previous: 379d50f1e70eccec6d2d0ac9d0dd082a9b27a50e
+Head: fbb71ce3cced40f87c25964011852d114f327c36
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: fbb71ce3cced40f87c25964011852d114f327c36
- manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Unapplied:
+ manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=379d50f1e70eccec6d2d0ac9d0dd082a9b27a50e
commit 379d50f1e70eccec6d2d0ac9d0dd082a9b27a50e
Merge: 4299902 68ad03a
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:40:06 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=429990230516f6434579b7a3523a920be3eec486
commit 429990230516f6434579b7a3523a920be3eec486
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:40:06 2013 -0300
push
diff --git a/meta b/meta
index f078157..e28cb54 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: 8d732b6a6019c8134449d0fd5d3cec94a3afe753
-Head: fbb71ce3cced40f87c25964011852d114f327c36
+Previous: 68ad03a2bd4e779f8534fbbf955a2379d7675d61
+Head: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype.patch: fbb71ce3cced40f87c25964011852d114f327c36
-Unapplied:
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
+Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=68ad03a2bd4e779f8534fbbf955a2379d7675d61
commit 68ad03a2bd4e779f8534fbbf955a2379d7675d61
Merge: be19042 8d732b6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:39:49 2013 -0300
rename
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=be19042545f83d50cbda072f3aaa8a179076107c
commit be19042545f83d50cbda072f3aaa8a179076107c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:39:49 2013 -0300
rename
diff --git a/meta b/meta
index c571acf..f078157 100644
--- a/meta
+++ b/meta
@@ -1,5 +1,5 @@
Version: 1
-Previous: 7ed2a05df36796dedeb1b73c973d17de5092684f
+Previous: 8d732b6a6019c8134449d0fd5d3cec94a3afe753
Head: fbb71ce3cced40f87c25964011852d114f327c36
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
@@ -9,7 +9,7 @@ Applied:
manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
- manual-document-mt-safety-ctype-wip.patch: fbb71ce3cced40f87c25964011852d114f327c36
+ manual-document-mt-safety-ctype.patch: fbb71ce3cced40f87c25964011852d114f327c36
Unapplied:
manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
diff --git a/patches/manual-document-mt-safety-ctype-wip.patch b/patches/manual-document-mt-safety-ctype.patch
similarity index 100%
rename from patches/manual-document-mt-safety-ctype-wip.patch
rename to patches/manual-document-mt-safety-ctype.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8d732b6a6019c8134449d0fd5d3cec94a3afe753
commit 8d732b6a6019c8134449d0fd5d3cec94a3afe753
Merge: 9836204 7ed2a05
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:38:56 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=98362048fdc4833994d62eadfdffa043cbb98bde
commit 98362048fdc4833994d62eadfdffa043cbb98bde
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 21:38:56 2013 -0300
pop
diff --git a/meta b/meta
index d70635d..c571acf 100644
--- a/meta
+++ b/meta
@@ -1,6 +1,6 @@
Version: 1
-Previous: b0ce064083475ab914baa5244960e369cf0a2e10
-Head: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
+Previous: 7ed2a05df36796dedeb1b73c973d17de5092684f
+Head: fbb71ce3cced40f87c25964011852d114f327c36
Applied:
manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
@@ -10,6 +10,6 @@ Applied:
manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
manual-document-mt-safety-ctype-wip.patch: fbb71ce3cced40f87c25964011852d114f327c36
- manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Unapplied:
+ manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
commit 1ae8e2eabd22a74ff8a80a4b565df5b4c36fe12e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,6 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -730,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -749,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b1da9d49b81e23d658de4369181599c33e3acd9e
commit b1da9d49b81e23d658de4369181599c33e3acd9e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
deleted file mode 100644
index 3d13571..0000000
--- a/manual/ctype.texi
+++ /dev/null
@@ -1,770 +0,0 @@
-@node Character Handling, String and Array Utilities, Memory, Top
-@c %MENU% Character testing and conversion functions
-@chapter Character Handling
-
-Programs that work with characters and strings often need to classify a
-character---is it alphabetic, is it a digit, is it whitespace, and so
-on---and perform case conversion operations on characters. The
-functions in the header file @file{ctype.h} are provided for this
-purpose.
-@pindex ctype.h
-
-Since the choice of locale and character set can alter the
-classifications of particular character codes, all of these functions
-are affected by the current locale. (More precisely, they are affected
-by the locale currently selected for character classification---the
-@code{LC_CTYPE} category; see @ref{Locale Categories}.)
-
-The @w{ISO C} standard specifies two different sets of functions. The
-one set works on @code{char} type characters, the other one on
-@code{wchar_t} wide characters (@pxref{Extended Char Intro}).
-
-@menu
-* Classification of Characters:: Testing whether characters are
- letters, digits, punctuation, etc.
-
-* Case Conversion:: Case mapping, and the like.
-* Classification of Wide Characters:: Character class determination for
- wide characters.
-* Using Wide Char Classes:: Notes on using the wide character
- classes.
-* Wide Character Case Conversion:: Mapping of wide characters.
-@end menu
-
-@node Classification of Characters, Case Conversion, , Character Handling
-@section Classification of Characters
-@cindex character testing
-@cindex classification of characters
-@cindex predicates on characters
-@cindex character predicates
-
-This section explains the library functions for classifying characters.
-For example, @code{isalpha} is the function to test for an alphabetic
-character. It takes one argument, the character to test, and returns a
-nonzero integer if the character is alphabetic, and zero otherwise. You
-would use it like this:
-
-@smallexample
-if (isalpha (c))
- printf ("The character `%c' is alphabetic.\n", c);
-@end smallexample
-
-Each of the functions in this section tests for membership in a
-particular class of characters; each has a name starting with @samp{is}.
-Each of them takes one argument, which is a character to test, and
-returns an @code{int} which is treated as a boolean value. The
-character argument is passed as an @code{int}, and it may be the
-constant value @code{EOF} instead of a real character.
-
-The attributes of any given character can vary between locales.
-@xref{Locales}, for more information on locales.@refill
-
-These functions are declared in the header file @file{ctype.h}.
-@pindex ctype.h
-
-@cindex lower-case character
-@comment ctype.h
-@comment ISO
-@deftypefun int islower (int @var{c})
-Returns true if @var{c} is a lower-case letter. The letter need not be
-from the Latin alphabet, any alphabet representable is valid.
-@end deftypefun
-
-@cindex upper-case character
-@comment ctype.h
-@comment ISO
-@deftypefun int isupper (int @var{c})
-Returns true if @var{c} is an upper-case letter. The letter need not be
-from the Latin alphabet, any alphabet representable is valid.
-@end deftypefun
-
-@cindex alphabetic character
-@comment ctype.h
-@comment ISO
-@deftypefun int isalpha (int @var{c})
-Returns true if @var{c} is an alphabetic character (a letter). If
-@code{islower} or @code{isupper} is true of a character, then
-@code{isalpha} is also true.
-
-In some locales, there may be additional characters for which
-@code{isalpha} is true---letters which are neither upper case nor lower
-case. But in the standard @code{"C"} locale, there are no such
-additional characters.
-@end deftypefun
-
-@cindex digit character
-@cindex decimal digit character
-@comment ctype.h
-@comment ISO
-@deftypefun int isdigit (int @var{c})
-Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
-@end deftypefun
-
-@cindex alphanumeric character
-@comment ctype.h
-@comment ISO
-@deftypefun int isalnum (int @var{c})
-Returns true if @var{c} is an alphanumeric character (a letter or
-number); in other words, if either @code{isalpha} or @code{isdigit} is
-true of a character, then @code{isalnum} is also true.
-@end deftypefun
-
-@cindex hexadecimal digit character
-@comment ctype.h
-@comment ISO
-@deftypefun int isxdigit (int @var{c})
-Returns true if @var{c} is a hexadecimal digit.
-Hexadecimal digits include the normal decimal digits @samp{0} through
-@samp{9} and the letters @samp{A} through @samp{F} and
-@samp{a} through @samp{f}.
-@end deftypefun
-
-@cindex punctuation character
-@comment ctype.h
-@comment ISO
-@deftypefun int ispunct (int @var{c})
-Returns true if @var{c} is a punctuation character.
-This means any printing character that is not alphanumeric or a space
-character.
-@end deftypefun
-
-@cindex whitespace character
-@comment ctype.h
-@comment ISO
-@deftypefun int isspace (int @var{c})
-Returns true if @var{c} is a @dfn{whitespace} character. In the standard
-@code{"C"} locale, @code{isspace} returns true for only the standard
-whitespace characters:
-
-@table @code
-@item ' '
-space
-
-@item '\f'
-formfeed
-
-@item '\n'
-newline
-
-@item '\r'
-carriage return
-
-@item '\t'
-horizontal tab
-
-@item '\v'
-vertical tab
-@end table
-@end deftypefun
-
-@cindex blank character
-@comment ctype.h
-@comment ISO
-@deftypefun int isblank (int @var{c})
-Returns true if @var{c} is a blank character; that is, a space or a tab.
-This function was originally a GNU extension, but was added in @w{ISO C99}.
-@end deftypefun
-
-@cindex graphic character
-@comment ctype.h
-@comment ISO
-@deftypefun int isgraph (int @var{c})
-Returns true if @var{c} is a graphic character; that is, a character
-that has a glyph associated with it. The whitespace characters are not
-considered graphic.
-@end deftypefun
-
-@cindex printing character
-@comment ctype.h
-@comment ISO
-@deftypefun int isprint (int @var{c})
-Returns true if @var{c} is a printing character. Printing characters
-include all the graphic characters, plus the space (@samp{ }) character.
-@end deftypefun
-
-@cindex control character
-@comment ctype.h
-@comment ISO
-@deftypefun int iscntrl (int @var{c})
-Returns true if @var{c} is a control character (that is, a character that
-is not a printing character).
-@end deftypefun
-
-@cindex ASCII character
-@comment ctype.h
-@comment SVID, BSD
-@deftypefun int isascii (int @var{c})
-Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
-into the US/UK ASCII character set. This function is a BSD extension
-and is also an SVID extension.
-@end deftypefun
-
-@node Case Conversion, Classification of Wide Characters, Classification of Characters, Character Handling
-@section Case Conversion
-@cindex character case conversion
-@cindex case conversion of characters
-@cindex converting case of characters
-
-This section explains the library functions for performing conversions
-such as case mappings on characters. For example, @code{toupper}
-converts any character to upper case if possible. If the character
-can't be converted, @code{toupper} returns it unchanged.
-
-These functions take one argument of type @code{int}, which is the
-character to convert, and return the converted character as an
-@code{int}. If the conversion is not applicable to the argument given,
-the argument is returned unchanged.
-
-@strong{Compatibility Note:} In pre-@w{ISO C} dialects, instead of
-returning the argument unchanged, these functions may fail when the
-argument is not suitable for the conversion. Thus for portability, you
-may need to write @code{islower(c) ? toupper(c) : c} rather than just
-@code{toupper(c)}.
-
-These functions are declared in the header file @file{ctype.h}.
-@pindex ctype.h
-
-@comment ctype.h
-@comment ISO
-@deftypefun int tolower (int @var{c})
-If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
-lower-case letter. If @var{c} is not an upper-case letter,
-@var{c} is returned unchanged.
-@end deftypefun
-
-@comment ctype.h
-@comment ISO
-@deftypefun int toupper (int @var{c})
-If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
-upper-case letter. Otherwise @var{c} is returned unchanged.
-@end deftypefun
-
-@comment ctype.h
-@comment SVID, BSD
-@deftypefun int toascii (int @var{c})
-This function converts @var{c} to a 7-bit @code{unsigned char} value
-that fits into the US/UK ASCII character set, by clearing the high-order
-bits. This function is a BSD extension and is also an SVID extension.
-@end deftypefun
-
-@comment ctype.h
-@comment SVID
-@deftypefun int _tolower (int @var{c})
-This is identical to @code{tolower}, and is provided for compatibility
-with the SVID. @xref{SVID}.@refill
-@end deftypefun
-
-@comment ctype.h
-@comment SVID
-@deftypefun int _toupper (int @var{c})
-This is identical to @code{toupper}, and is provided for compatibility
-with the SVID.
-@end deftypefun
-
-
-@node Classification of Wide Characters, Using Wide Char Classes, Case Conversion, Character Handling
-@section Character class determination for wide characters
-
-@w{Amendment 1} to @w{ISO C90} defines functions to classify wide
-characters. Although the original @w{ISO C90} standard already defined
-the type @code{wchar_t}, no functions operating on them were defined.
-
-The general design of the classification functions for wide characters
-is more general. It allows extensions to the set of available
-classifications, beyond those which are always available. The POSIX
-standard specifies how extensions can be made, and this is already
-implemented in the @glibcadj{} implementation of the @code{localedef}
-program.
-
-The character class functions are normally implemented with bitsets,
-with a bitset per character. For a given character, the appropriate
-bitset is read from a table and a test is performed as to whether a
-certain bit is set. Which bit is tested for is determined by the
-class.
-
-For the wide character classification functions this is made visible.
-There is a type classification type defined, a function to retrieve this
-value for a given class, and a function to test whether a given
-character is in this class, using the classification value. On top of
-this the normal character classification functions as used for
-@code{char} objects can be defined.
-
-@comment wctype.h
-@comment ISO
-@deftp {Data type} wctype_t
-The @code{wctype_t} can hold a value which represents a character class.
-The only defined way to generate such a value is by using the
-@code{wctype} function.
-
-@pindex wctype.h
-This type is defined in @file{wctype.h}.
-@end deftp
-
-@comment wctype.h
-@comment ISO
-@deftypefun wctype_t wctype (const char *@var{property})
-The @code{wctype} returns a value representing a class of wide
-characters which is identified by the string @var{property}. Beside
-some standard properties each locale can define its own ones. In case
-no property with the given name is known for the current locale
-selected for the @code{LC_CTYPE} category, the function returns zero.
-
-@noindent
-The properties known in every locale are:
-
-@multitable @columnfractions .25 .25 .25 .25
-@item
-@code{"alnum"} @tab @code{"alpha"} @tab @code{"cntrl"} @tab @code{"digit"}
-@item
-@code{"graph"} @tab @code{"lower"} @tab @code{"print"} @tab @code{"punct"}
-@item
-@code{"space"} @tab @code{"upper"} @tab @code{"xdigit"}
-@end multitable
-
-@pindex wctype.h
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-To test the membership of a character to one of the non-standard classes
-the @w{ISO C} standard defines a completely new function.
-
-@comment wctype.h
-@comment ISO
-@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
-This function returns a nonzero value if @var{wc} is in the character
-class specified by @var{desc}. @var{desc} must previously be returned
-by a successful call to @code{wctype}.
-
-@pindex wctype.h
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-To make it easier to use the commonly-used classification functions,
-they are defined in the C library. There is no need to use
-@code{wctype} if the property string is one of the known character
-classes. In some situations it is desirable to construct the property
-strings, and then it is important that @code{wctype} can also handle the
-standard classes.
-
-@cindex alphanumeric character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswalnum (wint_t @var{wc})
-This function returns a nonzero value if @var{wc} is an alphanumeric
-character (a letter or number); in other words, if either @code{iswalpha}
-or @code{iswdigit} is true of a character, then @code{iswalnum} is also
-true.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("alnum"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex alphabetic character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswalpha (wint_t @var{wc})
-Returns true if @var{wc} is an alphabetic character (a letter). If
-@code{iswlower} or @code{iswupper} is true of a character, then
-@code{iswalpha} is also true.
-
-In some locales, there may be additional characters for which
-@code{iswalpha} is true---letters which are neither upper case nor lower
-case. But in the standard @code{"C"} locale, there are no such
-additional characters.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("alpha"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex control character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswcntrl (wint_t @var{wc})
-Returns true if @var{wc} is a control character (that is, a character that
-is not a printing character).
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("cntrl"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex digit character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswdigit (wint_t @var{wc})
-Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
-Please note that this function does not only return a nonzero value for
-@emph{decimal} digits, but for all kinds of digits. A consequence is
-that code like the following will @strong{not} work unconditionally for
-wide characters:
-
-@smallexample
-n = 0;
-while (iswdigit (*wc))
- @{
- n *= 10;
- n += *wc++ - L'0';
- @}
-@end smallexample
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("digit"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex graphic character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswgraph (wint_t @var{wc})
-Returns true if @var{wc} is a graphic character; that is, a character
-that has a glyph associated with it. The whitespace characters are not
-considered graphic.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("graph"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex lower-case character
-@comment ctype.h
-@comment ISO
-@deftypefun int iswlower (wint_t @var{wc})
-Returns true if @var{wc} is a lower-case letter. The letter need not be
-from the Latin alphabet, any alphabet representable is valid.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("lower"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex printing character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswprint (wint_t @var{wc})
-Returns true if @var{wc} is a printing character. Printing characters
-include all the graphic characters, plus the space (@samp{ }) character.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("print"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex punctuation character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswpunct (wint_t @var{wc})
-Returns true if @var{wc} is a punctuation character.
-This means any printing character that is not alphanumeric or a space
-character.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("punct"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex whitespace character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswspace (wint_t @var{wc})
-Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
-@code{"C"} locale, @code{iswspace} returns true for only the standard
-whitespace characters:
-
-@table @code
-@item L' '
-space
-
-@item L'\f'
-formfeed
-
-@item L'\n'
-newline
-
-@item L'\r'
-carriage return
-
-@item L'\t'
-horizontal tab
-
-@item L'\v'
-vertical tab
-@end table
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("space"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex upper-case character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswupper (wint_t @var{wc})
-Returns true if @var{wc} is an upper-case letter. The letter need not be
-from the Latin alphabet, any alphabet representable is valid.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("upper"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@cindex hexadecimal digit character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswxdigit (wint_t @var{wc})
-Returns true if @var{wc} is a hexadecimal digit.
-Hexadecimal digits include the normal decimal digits @samp{0} through
-@samp{9} and the letters @samp{A} through @samp{F} and
-@samp{a} through @samp{f}.
-
-@noindent
-This function can be implemented using
-
-@smallexample
-iswctype (wc, wctype ("xdigit"))
-@end smallexample
-
-@pindex wctype.h
-It is declared in @file{wctype.h}.
-@end deftypefun
-
-@Theglibc{} also provides a function which is not defined in the
-@w{ISO C} standard but which is available as a version for single byte
-characters as well.
-
-@cindex blank character
-@comment wctype.h
-@comment ISO
-@deftypefun int iswblank (wint_t @var{wc})
-Returns true if @var{wc} is a blank character; that is, a space or a tab.
-This function was originally a GNU extension, but was added in @w{ISO C99}.
-It is declared in @file{wchar.h}.
-@end deftypefun
-
-@node Using Wide Char Classes, Wide Character Case Conversion, Classification of Wide Characters, Character Handling
-@section Notes on using the wide character classes
-
-The first note is probably not astonishing but still occasionally a
-cause of problems. The @code{isw@var{XXX}} functions can be implemented
-using macros and in fact, @theglibc{} does this. They are still
-available as real functions but when the @file{wctype.h} header is
-included the macros will be used. This is the same as the
-@code{char} type versions of these functions.
-
-The second note covers something new. It can be best illustrated by a
-(real-world) example. The first piece of code is an excerpt from the
-original code. It is truncated a bit but the intention should be clear.
-
-@smallexample
-int
-is_in_class (int c, const char *class)
-@{
- if (strcmp (class, "alnum") == 0)
- return isalnum (c);
- if (strcmp (class, "alpha") == 0)
- return isalpha (c);
- if (strcmp (class, "cntrl") == 0)
- return iscntrl (c);
- @dots{}
- return 0;
-@}
-@end smallexample
-
-Now, with the @code{wctype} and @code{iswctype} you can avoid the
-@code{if} cascades, but rewriting the code as follows is wrong:
-
-@smallexample
-int
-is_in_class (int c, const char *class)
-@{
- wctype_t desc = wctype (class);
- return desc ? iswctype ((wint_t) c, desc) : 0;
-@}
-@end smallexample
-
-The problem is that it is not guaranteed that the wide character
-representation of a single-byte character can be found using casting.
-In fact, usually this fails miserably. The correct solution to this
-problem is to write the code as follows:
-
-@smallexample
-int
-is_in_class (int c, const char *class)
-@{
- wctype_t desc = wctype (class);
- return desc ? iswctype (btowc (c), desc) : 0;
-@}
-@end smallexample
-
-@xref{Converting a Character}, for more information on @code{btowc}.
-Note that this change probably does not improve the performance
-of the program a lot since the @code{wctype} function still has to make
-the string comparisons. It gets really interesting if the
-@code{is_in_class} function is called more than once for the
-same class name. In this case the variable @var{desc} could be computed
-once and reused for all the calls. Therefore the above form of the
-function is probably not the final one.
-
-
-@node Wide Character Case Conversion, , Using Wide Char Classes, Character Handling
-@section Mapping of wide characters.
-
-The classification functions are also generalized by the @w{ISO C}
-standard. Instead of just allowing the two standard mappings, a
-locale can contain others. Again, the @code{localedef} program
-already supports generating such locale data files.
-
-@comment wctype.h
-@comment ISO
-@deftp {Data Type} wctrans_t
-This data type is defined as a scalar type which can hold a value
-representing the locale-dependent character mapping. There is no way to
-construct such a value apart from using the return value of the
-@code{wctrans} function.
-
-@pindex wctype.h
-@noindent
-This type is defined in @file{wctype.h}.
-@end deftp
-
-@comment wctype.h
-@comment ISO
-@deftypefun wctrans_t wctrans (const char *@var{property})
-The @code{wctrans} function has to be used to find out whether a named
-mapping is defined in the current locale selected for the
-@code{LC_CTYPE} category. If the returned value is non-zero, you can use
-it afterwards in calls to @code{towctrans}. If the return value is
-zero no such mapping is known in the current locale.
-
-Beside locale-specific mappings there are two mappings which are
-guaranteed to be available in every locale:
-
-@multitable @columnfractions .5 .5
-@item
-@code{"tolower"} @tab @code{"toupper"}
-@end multitable
-
-@pindex wctype.h
-@noindent
-These functions are declared in @file{wctype.h}.
-@end deftypefun
-
-@comment wctype.h
-@comment ISO
-@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
-@code{towctrans} maps the input character @var{wc}
-according to the rules of the mapping for which @var{desc} is a
-descriptor, and returns the value it finds. @var{desc} must be
-obtained by a successful call to @code{wctrans}.
-
-@pindex wctype.h
-@noindent
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-For the generally available mappings, the @w{ISO C} standard defines
-convenient shortcuts so that it is not necessary to call @code{wctrans}
-for them.
-
-@comment wctype.h
-@comment ISO
-@deftypefun wint_t towlower (wint_t @var{wc})
-If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
-lower-case letter. If @var{wc} is not an upper-case letter,
-@var{wc} is returned unchanged.
-
-@noindent
-@code{towlower} can be implemented using
-
-@smallexample
-towctrans (wc, wctrans ("tolower"))
-@end smallexample
-
-@pindex wctype.h
-@noindent
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-@comment wctype.h
-@comment ISO
-@deftypefun wint_t towupper (wint_t @var{wc})
-If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
-upper-case letter. Otherwise @var{wc} is returned unchanged.
-
-@noindent
-@code{towupper} can be implemented using
-
-@smallexample
-towctrans (wc, wctrans ("toupper"))
-@end smallexample
-
-@pindex wctype.h
-@noindent
-This function is declared in @file{wctype.h}.
-@end deftypefun
-
-The same warnings given in the last section for the use of the wide
-character classification functions apply here. It is not possible to
-simply cast a @code{char} type value to a @code{wint_t} and use it as an
-argument to @code{towctrans} calls.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7ed2a05df36796dedeb1b73c973d17de5092684f
commit 7ed2a05df36796dedeb1b73c973d17de5092684f
Merge: 8dc671d b0ce064 ed7e9cc
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
pull
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=8dc671dd7896ddf29bae4235f187d282b8fa12b9
commit 8dc671dd7896ddf29bae4235f187d282b8fa12b9
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:41 2013 -0300
pull
diff --git a/meta b/meta
index f58fa10..d70635d 100644
--- a/meta
+++ b/meta
@@ -1,15 +1,15 @@
Version: 1
-Previous: 1105dbbfefb70928dddf6224c380ee647b74e574
-Head: 3877ab63574b2d23eac947fed521b7c3999c8d9f
+Previous: b0ce064083475ab914baa5244960e369cf0a2e10
+Head: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Applied:
- manual-document-mt-safety.patch: efc461350d9249c7b45dd1711d026868b38f051c
- powerpc-nofpu-sim-note-nothread.patch: 134de3fab35b91543080d25a276ab00593d15be7
- unused-scalb-is-scalbn.patch: abc6d481de5aabe5a3a019a29cc747e55230600e
- manual-document-mt-safety-arith.patch: e9e5cf9f32d9b8147c0c8097478f8d623709d917
- manual-document-mt-safety-stdio.patch: d0a89c9db96cfa69b1e445b45d29ebb5d783b899
- manual-document-mt-safety-locale.patch: b6d0a7e40695997390c967a9c1255fc1813c84b0
- manual-document-mt-safety-math.patch: c9ff7cfa5b3b4eb6799616ecce3a99944b7642d3
- manual-document-mt-safety-ctype-wip.patch: 59ba7a5b73180e9b6b3a8a780c794019f3b4fb8e
- manual-document-mt-safety-wip.patch: 3877ab63574b2d23eac947fed521b7c3999c8d9f
+ manual-document-mt-safety.patch: f159288e81a5a769e1274527d307f82bd918d8e5
+ powerpc-nofpu-sim-note-nothread.patch: 6f9592e7a7e327deae62aae99a5238cfba2d572d
+ unused-scalb-is-scalbn.patch: 04381689562081fc1e2328e5807e0dc537c1c5fc
+ manual-document-mt-safety-arith.patch: b0aaf99a53ebe756b3b61930b0d42fd5b51dd71d
+ manual-document-mt-safety-stdio.patch: 49427f4017a13662522c4247e1eed08f867a3d73
+ manual-document-mt-safety-locale.patch: 0f17febc6eced1c8227402f12867a400ba58bd74
+ manual-document-mt-safety-math.patch: edeb8dbee9aa4cdef77764287545e16903acea6d
+ manual-document-mt-safety-ctype-wip.patch: fbb71ce3cced40f87c25964011852d114f327c36
+ manual-document-mt-safety-wip.patch: ed7e9cc5265b17c5dc7dc5bcd72b7247ad574f85
Unapplied:
Hidden:
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 471af98..5f1c9c2 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,7 +1,7 @@
-Bottom: da0e6ebd226c97d69a880a83a3458d1290cb0a33
-Top: 2739c166ffd8b16196598bf6ae81a1eb59c5da67
+Bottom: 6c9a45167e9f148c725e5d962b1cd083292f0adf
+Top: e75a47b5ad278b7f85e5420cd63cda069e0b7030
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:39 -0300
+Date: 2013-08-13 15:29:40 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-ctype-wip.patch b/patches/manual-document-mt-safety-ctype-wip.patch
index e2d64bc..9799a98 100644
--- a/patches/manual-document-mt-safety-ctype-wip.patch
+++ b/patches/manual-document-mt-safety-ctype-wip.patch
@@ -1,7 +1,7 @@
-Bottom: 78fe1791b80475e24bb082448c82b31a599bb2cd
-Top: eda06e358bd7339a7b33c1798edc9038d99aafaf
+Bottom: 493d959bda4db41836ea91b2b9685b47ab733575
+Top: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:43 -0300
+Date: 2013-08-13 15:29:41 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-locale.patch b/patches/manual-document-mt-safety-locale.patch
index c5c4fa4..a5cc454 100644
--- a/patches/manual-document-mt-safety-locale.patch
+++ b/patches/manual-document-mt-safety-locale.patch
@@ -1,7 +1,7 @@
-Bottom: 7803afb16b44ea9e7a20effc6b009b4417ede858
-Top: 7ddaf06032faa5cbc050d572e2e304aee7a0a055
+Bottom: e394e37491899340294bfd977f43c098c558c2b1
+Top: e7a76e5bc200b56429777851aab7bce4bcbb7c56
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:40 -0300
+Date: 2013-08-13 15:29:40 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index 79e98aa..ebdf1e4 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,7 +1,7 @@
-Bottom: 7ddaf06032faa5cbc050d572e2e304aee7a0a055
-Top: 78fe1791b80475e24bb082448c82b31a599bb2cd
+Bottom: e7a76e5bc200b56429777851aab7bce4bcbb7c56
+Top: 493d959bda4db41836ea91b2b9685b47ab733575
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:41 -0300
+Date: 2013-08-13 15:29:40 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index d0907aa..8aae437 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,7 +1,7 @@
-Bottom: 2739c166ffd8b16196598bf6ae81a1eb59c5da67
-Top: 7803afb16b44ea9e7a20effc6b009b4417ede858
+Bottom: e75a47b5ad278b7f85e5420cd63cda069e0b7030
+Top: e394e37491899340294bfd977f43c098c558c2b1
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:40 -0300
+Date: 2013-08-13 15:29:40 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety-wip.patch b/patches/manual-document-mt-safety-wip.patch
index c9edc3e..83ac8f5 100644
--- a/patches/manual-document-mt-safety-wip.patch
+++ b/patches/manual-document-mt-safety-wip.patch
@@ -1,7 +1,7 @@
-Bottom: eda06e358bd7339a7b33c1798edc9038d99aafaf
-Top: b3048f1f29a3cb611e8590355a732220e79312c6
+Bottom: 1f38562405d3b5dadb8c27bd94ec1cba5a2481da
+Top: 7472b1dd7a8cc8760b98cd08cb7f8418374249ed
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:48 -0300
+Date: 2013-08-13 15:29:41 -0300
Thread safety documentation.
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index 66d3159..6bdec13 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,7 +1,7 @@
-Bottom: efed39b7ade4b9cbc21039a1156412424917f48d
-Top: 539050bc4b84d23577ed07dc19f9da5286a45dac
+Bottom: fde38f49e9ff8e251fc3a4c9a8d5f194ba6decbf
+Top: f865586a6c7ce831d9285c15a3df95a5b593b24b
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-07-30 04:54:56 -0300
+Date: 2013-08-13 15:29:39 -0300
Thread safety documentation.
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
index c35921d..e415a47 100644
--- a/patches/powerpc-nofpu-sim-note-nothread.patch
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -1,7 +1,7 @@
-Bottom: 539050bc4b84d23577ed07dc19f9da5286a45dac
-Top: 4e74d806c3244a3036ccfd773571125e92181033
+Bottom: f865586a6c7ce831d9285c15a3df95a5b593b24b
+Top: 6ecb4948f5afac7b2e943164b461bf059c000127
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:36 -0300
+Date: 2013-08-13 15:29:39 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index 4f1dac0..d6b66ee 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,7 +1,7 @@
-Bottom: 4e74d806c3244a3036ccfd773571125e92181033
-Top: da0e6ebd226c97d69a880a83a3458d1290cb0a33
+Bottom: 6ecb4948f5afac7b2e943164b461bf059c000127
+Top: 6c9a45167e9f148c725e5d962b1cd083292f0adf
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:37 -0300
+Date: 2013-08-13 15:29:39 -0300
Rename unused scalb to scalbn to match prototype.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=60f0d7aaa66504b3818d82ea8691b365f4f55dc5
commit 60f0d7aaa66504b3818d82ea8691b365f4f55dc5
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -318,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -354,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -368,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -379,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -390,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -410,6 +420,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +434,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +457,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +726,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +752,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +768,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +805,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +817,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +973,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +984,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1029,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1040,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1079,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1089,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1110,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1123,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1136,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1188,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1210,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1224,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1262,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1288,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1310,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1323,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1337,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1351,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1386,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1401,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1416,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1431,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1452,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1466,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1481,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1495,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1509,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1523,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1538,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1565,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1588,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1612,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1634,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1650,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1669,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1693,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1709,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1745,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1754,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1763,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1772,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1781,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1794,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1828,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1849,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1866,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1884,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2014,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2027,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2040,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2055,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2074,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2120,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2193,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2203,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2222,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2232,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2249,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2259,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2276,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2286,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2296,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2313,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2330,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2340,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2351,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2361,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2371,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2380,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2445,35 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2559,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2579,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2592,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2619,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2645,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2664,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2681,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2690,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2699,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2720,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2732,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2744,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2756,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=351fb371fa127df8fa5e27b38a330e4258b35180
commit 351fb371fa127df8fa5e27b38a330e4258b35180
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Aug 13 15:29:39 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..e47832c 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,411 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards to ensure consistency. To ensure MT- and
+AS-Safe behavior, callers must ensure that the objects passed in are not
+modified concurrently by other threads or signal handlers.
+
+
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+propertes we documentated are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b0ce064083475ab914baa5244960e369cf0a2e10
commit b0ce064083475ab914baa5244960e369cf0a2e10
Merge: f39e49a 3877ab6 1105dbb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:57:14 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f39e49a9c7a1d54c0be1718ff13feb587b8fdcca
commit f39e49a9c7a1d54c0be1718ff13feb587b8fdcca
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:57:14 2013 -0300
push
diff --git a/meta b/meta
index ae7cb86..f58fa10 100644
--- a/meta
+++ b/meta
@@ -1,15 +1,15 @@
Version: 1
-Previous: b6698ebaf34ee4eee6fdf262dda1f0e6326ec8f5
-Head: 134de3fab35b91543080d25a276ab00593d15be7
+Previous: 1105dbbfefb70928dddf6224c380ee647b74e574
+Head: 3877ab63574b2d23eac947fed521b7c3999c8d9f
Applied:
manual-document-mt-safety.patch: efc461350d9249c7b45dd1711d026868b38f051c
powerpc-nofpu-sim-note-nothread.patch: 134de3fab35b91543080d25a276ab00593d15be7
+ unused-scalb-is-scalbn.patch: abc6d481de5aabe5a3a019a29cc747e55230600e
+ manual-document-mt-safety-arith.patch: e9e5cf9f32d9b8147c0c8097478f8d623709d917
+ manual-document-mt-safety-stdio.patch: d0a89c9db96cfa69b1e445b45d29ebb5d783b899
+ manual-document-mt-safety-locale.patch: b6d0a7e40695997390c967a9c1255fc1813c84b0
+ manual-document-mt-safety-math.patch: c9ff7cfa5b3b4eb6799616ecce3a99944b7642d3
+ manual-document-mt-safety-ctype-wip.patch: 59ba7a5b73180e9b6b3a8a780c794019f3b4fb8e
+ manual-document-mt-safety-wip.patch: 3877ab63574b2d23eac947fed521b7c3999c8d9f
Unapplied:
- unused-scalb-is-scalbn.patch: c7b61a96cbd8cb57ef7aedbddf47a3368451583d
- manual-document-mt-safety-arith.patch: ff79da305c9dfa8cdc253ef91e3af827e98ecd2b
- manual-document-mt-safety-stdio.patch: 29204588dcc2ae4b2c07025a50f8018c87cdc409
- manual-document-mt-safety-locale.patch: 2138bb13b72835109d53a470595be6f31f485113
- manual-document-mt-safety-math.patch: 00af0ed393c8103a619299dc34fcda36561f3cd7
- manual-document-mt-safety-ctype-wip.patch: b86a9adf8ea6fc915d528f3fa61ded06f3c91c61
- manual-document-mt-safety-wip.patch: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
Hidden:
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
index 6d56f45..471af98 100644
--- a/patches/manual-document-mt-safety-arith.patch
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -1,5 +1,5 @@
-Bottom: 58842960ffbf63afb50845d77d86b584785bfb5d
-Top: 4d06ccc13c580c9f8bc1ebbdc407011933a41e89
+Bottom: da0e6ebd226c97d69a880a83a3458d1290cb0a33
+Top: 2739c166ffd8b16196598bf6ae81a1eb59c5da67
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-06-26 10:46:39 -0300
diff --git a/patches/manual-document-mt-safety-ctype-wip.patch b/patches/manual-document-mt-safety-ctype-wip.patch
index 2751123..e2d64bc 100644
--- a/patches/manual-document-mt-safety-ctype-wip.patch
+++ b/patches/manual-document-mt-safety-ctype-wip.patch
@@ -1,5 +1,5 @@
-Bottom: 7c3df0362db41863af2f7f886b7e7f14cd2cb7c5
-Top: cd865dbc67422bb0360d4e2692cc5f7ec6aea252
+Bottom: 78fe1791b80475e24bb082448c82b31a599bb2cd
+Top: eda06e358bd7339a7b33c1798edc9038d99aafaf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-06-26 10:46:43 -0300
diff --git a/patches/manual-document-mt-safety-locale.patch b/patches/manual-document-mt-safety-locale.patch
index def6108..c5c4fa4 100644
--- a/patches/manual-document-mt-safety-locale.patch
+++ b/patches/manual-document-mt-safety-locale.patch
@@ -1,5 +1,5 @@
-Bottom: e742d008a73a9279e0234fe6e8416e0b74b22645
-Top: b6a7df74e1dd769dd2a68885320bde2bae038277
+Bottom: 7803afb16b44ea9e7a20effc6b009b4417ede858
+Top: 7ddaf06032faa5cbc050d572e2e304aee7a0a055
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-06-26 10:46:40 -0300
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
index 14df6f3..79e98aa 100644
--- a/patches/manual-document-mt-safety-math.patch
+++ b/patches/manual-document-mt-safety-math.patch
@@ -1,5 +1,5 @@
-Bottom: b6a7df74e1dd769dd2a68885320bde2bae038277
-Top: 7c3df0362db41863af2f7f886b7e7f14cd2cb7c5
+Bottom: 7ddaf06032faa5cbc050d572e2e304aee7a0a055
+Top: 78fe1791b80475e24bb082448c82b31a599bb2cd
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-06-26 10:46:41 -0300
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
index 2088f94..d0907aa 100644
--- a/patches/manual-document-mt-safety-stdio.patch
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -1,5 +1,5 @@
-Bottom: 4d06ccc13c580c9f8bc1ebbdc407011933a41e89
-Top: e742d008a73a9279e0234fe6e8416e0b74b22645
+Bottom: 2739c166ffd8b16196598bf6ae81a1eb59c5da67
+Top: 7803afb16b44ea9e7a20effc6b009b4417ede858
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-06-26 10:46:40 -0300
diff --git a/patches/manual-document-mt-safety-wip.patch b/patches/manual-document-mt-safety-wip.patch
index 31af2c2..c9edc3e 100644
--- a/patches/manual-document-mt-safety-wip.patch
+++ b/patches/manual-document-mt-safety-wip.patch
@@ -1,5 +1,5 @@
-Bottom: cd865dbc67422bb0360d4e2692cc5f7ec6aea252
-Top: 7e6a83a1413d637cd4076c377f2dc632dc928b39
+Bottom: eda06e358bd7339a7b33c1798edc9038d99aafaf
+Top: b3048f1f29a3cb611e8590355a732220e79312c6
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-06-26 10:46:48 -0300
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
index 2e01b9a..4f1dac0 100644
--- a/patches/unused-scalb-is-scalbn.patch
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -1,5 +1,5 @@
-Bottom: 83a97471a9f798dbf70f921529bea532c0632478
-Top: 58842960ffbf63afb50845d77d86b584785bfb5d
+Bottom: 4e74d806c3244a3036ccfd773571125e92181033
+Top: da0e6ebd226c97d69a880a83a3458d1290cb0a33
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-06-26 10:46:37 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3877ab63574b2d23eac947fed521b7c3999c8d9f
commit 3877ab63574b2d23eac947fed521b7c3999c8d9f
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:48 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/???.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
diff --git a/manual/arith.texi b/manual/arith.texi
index 833e0c9..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -323,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -359,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -373,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -384,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -395,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -2443,6 +2448,32 @@ as well.
@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
diff --git a/manual/ctype.texi b/manual/ctype.texi
index f05d509..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,7 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -714,7 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -732,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -751,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..2244025 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
diff --git a/manual/intro.texi b/manual/intro.texi
index 2630a77..e47832c 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -262,6 +262,28 @@ if the effective thread-local locale is not the global locale object
@code{setlocale} should not be called while these functions are active.
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
@item @code{uunguard}
@cindex uunguard
@@ -291,6 +313,42 @@ AS-Safe behavior, callers must ensure that the objects passed in are not
modified concurrently by other threads or signal handlers.
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
@end itemize
@@ -305,11 +363,37 @@ as follows:
Functions annotated with @code{staticbuf} use internal static buffers or
variables in ways that may cause concurrent calls to interfere
-destructively.
+destructively.
These functions are all MT-Unsafe and AC-Unsafe. However, many of them
offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
@item @code{fdleak}
@cindex fdleak
@@ -390,9 +474,8 @@ For the reasons above, functions that leak locks are all AC-Unsafe.
Functions marked with @code{selfdeadlock} take a non-recursive lock to
ensure MT-Safety while modifying data structures guarded by the lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the result is a deadlock.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid a deadlock if any signal handler might need
@@ -406,10 +489,9 @@ Functions marked with @code{asynconsist} take a recursive lock to ensure
MT-Safety while accessing or modifying data structures guarded by the
lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the latter function may observe a partially updated,
-inconsistent data structure, and misbehave.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid the misbehavior that may ensue if any signal
@@ -444,6 +526,21 @@ Disabling asynchronous cancelation while calling such functions is the
only safe way to avoid the misbehavior that may ensure if the thread is
canceled while the function is running.
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
@item @code{simfpu}
@cindex simfpu
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
diff --git a/manual/locale.texi b/manual/locale.texi
index 323268d..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
-@safety{@mtunsafe{uunguard}}
-@c This function is MT-Safe, but uses of the global locale object are
-@c unguarded in functions that ought to be MT-Safe, so we're ruling out
-@c the use of this function once threads are started.
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 7809dd4..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -267,7 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
@c After fclose, it is undefined behavior to use the stream it points
@c to. Therefore, one must only call fclose when the stream is
@c otherwise unused. Concurrent uses started before will complete
@@ -2662,6 +2662,42 @@ pointer @var{ap}.
@c case of cancellation. This doesn't make it unsafe, but cancelling it
@c may leak memory. The unguarded use of __printf_function_table is
@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
@c bringing with it additional potential for async trouble with
@c list_all_lock.
@@ -5076,7 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
-@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -5192,7 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=59ba7a5b73180e9b6b3a8a780c794019f3b4fb8e
commit 59ba7a5b73180e9b6b3a8a780c794019f3b4fb8e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:43 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..f05d509 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -691,6 +691,7 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +714,7 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c9ff7cfa5b3b4eb6799616ecce3a99944b7642d3
commit c9ff7cfa5b3b4eb6799616ecce3a99944b7642d3
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b6d0a7e40695997390c967a9c1255fc1813c84b0
commit b6d0a7e40695997390c967a9c1255fc1813c84b0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..323268d 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,10 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard}}
+@c This function is MT-Safe, but uses of the global locale object are
+@c unguarded in functions that ought to be MT-Safe, so we're ruling out
+@c the use of this function once threads are started.
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d0a89c9db96cfa69b1e445b45d29ebb5d783b899
commit d0a89c9db96cfa69b1e445b45d29ebb5d783b899
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..7809dd4 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,12 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2669,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2677,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2685,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2693,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2701,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2709,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2785,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3026,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3278,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3342,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3959,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +3974,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +3989,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +3997,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4005,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4019,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4046,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4055,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4064,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4072,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4080,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4088,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4138,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4148,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4162,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4173,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4201,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4212,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4326,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4339,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4363,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4379,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4399,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4423,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4472,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4594,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4609,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4622,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4639,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4751,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4764,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4781,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4803,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4828,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4906,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4920,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4932,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4947,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4961,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +4972,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5020,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5076,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5192,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5374,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5515,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e9e5cf9f32d9b8147c0c8097478f8d623709d917
commit e9e5cf9f32d9b8147c0c8097478f8d623709d917
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:39 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..833e0c9 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -410,6 +415,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +429,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +452,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +721,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +747,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +763,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +800,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +812,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +968,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +979,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1024,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1035,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1074,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1084,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1105,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1118,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1131,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1183,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1205,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1219,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1257,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1283,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1305,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1318,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1332,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1346,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1381,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1396,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1411,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1426,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1447,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1461,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1476,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1490,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1504,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1518,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1533,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1560,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1583,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1607,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1629,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1645,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1664,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1688,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1704,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1740,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1749,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1758,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1767,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1776,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1789,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1823,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1844,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1861,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1879,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2009,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2022,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2035,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2050,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2069,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2115,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2188,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2198,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2217,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2227,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2244,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2254,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2271,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2281,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2291,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2308,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2325,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2335,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2346,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2356,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2366,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2375,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2440,9 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2528,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2548,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2561,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2588,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2614,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2633,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2650,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2659,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2668,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2689,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2701,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2713,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2725,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=abc6d481de5aabe5a3a019a29cc747e55230600e
commit abc6d481de5aabe5a3a019a29cc747e55230600e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:37 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1105dbbfefb70928dddf6224c380ee647b74e574
commit 1105dbbfefb70928dddf6224c380ee647b74e574
Merge: 07168b5 134de3f b6698eb
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:57:08 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=07168b5e6186608722e903b5d411b0a2a21b1cec
commit 07168b5e6186608722e903b5d411b0a2a21b1cec
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:57:08 2013 -0300
push
diff --git a/meta b/meta
index 958622e..ae7cb86 100644
--- a/meta
+++ b/meta
@@ -1,10 +1,10 @@
Version: 1
-Previous: afe9eb86872a7e5e07a87c8e33221ce8196d1185
-Head: efc461350d9249c7b45dd1711d026868b38f051c
+Previous: b6698ebaf34ee4eee6fdf262dda1f0e6326ec8f5
+Head: 134de3fab35b91543080d25a276ab00593d15be7
Applied:
manual-document-mt-safety.patch: efc461350d9249c7b45dd1711d026868b38f051c
+ powerpc-nofpu-sim-note-nothread.patch: 134de3fab35b91543080d25a276ab00593d15be7
Unapplied:
- powerpc-nofpu-sim-note-nothread.patch: c2080123a1257f86601d8639f289ea4e3e6e27d7
unused-scalb-is-scalbn.patch: c7b61a96cbd8cb57ef7aedbddf47a3368451583d
manual-document-mt-safety-arith.patch: ff79da305c9dfa8cdc253ef91e3af827e98ecd2b
manual-document-mt-safety-stdio.patch: 29204588dcc2ae4b2c07025a50f8018c87cdc409
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
index fb9723a..c35921d 100644
--- a/patches/powerpc-nofpu-sim-note-nothread.patch
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -1,5 +1,5 @@
-Bottom: 4efc67610afbdb4ae5fe31b2b904569f7a82116e
-Top: 83a97471a9f798dbf70f921529bea532c0632478
+Bottom: 539050bc4b84d23577ed07dc19f9da5286a45dac
+Top: 4e74d806c3244a3036ccfd773571125e92181033
Author: Alexandre Oliva <aoliva@redhat.com>
Date: 2013-06-26 10:46:36 -0300
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=134de3fab35b91543080d25a276ab00593d15be7
commit 134de3fab35b91543080d25a276ab00593d15be7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:36 2013 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
for ports/ChangeLog.powerpc
PR 15483
* sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
the need for thread-specific variables preserved across signal
handlers.
* sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
* sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
index fc061d0..e167033 100644
--- a/ports/sysdeps/powerpc/nofpu/sim-full.c
+++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
@@ -21,6 +21,11 @@
#include "soft-fp.h"
#include "soft-supp.h"
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
/* Global to store sticky exceptions. */
int __sim_exceptions __attribute__ ((nocommon));
libc_hidden_data_def (__sim_exceptions);
diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
index b9638bb..64a3d2a 100644
--- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
+++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
@@ -26,6 +26,11 @@ typedef union
} fenv_union_t;
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
index c2a190e..508d869 100644
--- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
@@ -54,6 +54,11 @@
#define FP_ROUNDMODE __sim_round_mode
#define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b6698ebaf34ee4eee6fdf262dda1f0e6326ec8f5
commit b6698ebaf34ee4eee6fdf262dda1f0e6326ec8f5
Merge: 967f99a afe9eb8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:56:53 2013 -0300
refresh
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=967f99ae29dc6f98fada7ff3785f043818b1c529
commit 967f99ae29dc6f98fada7ff3785f043818b1c529
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:56:53 2013 -0300
refresh
diff --git a/meta b/meta
index 5938411..958622e 100644
--- a/meta
+++ b/meta
@@ -1,9 +1,8 @@
Version: 1
-Previous: c2ae60832456ff1f7dde39f32ff789261f07cc0c
-Head: 5302cf4e2b425ad6a577644de0e2778aebbeda47
+Previous: afe9eb86872a7e5e07a87c8e33221ce8196d1185
+Head: efc461350d9249c7b45dd1711d026868b38f051c
Applied:
manual-document-mt-safety.patch: efc461350d9249c7b45dd1711d026868b38f051c
- refresh-temp: 5302cf4e2b425ad6a577644de0e2778aebbeda47
Unapplied:
powerpc-nofpu-sim-note-nothread.patch: c2080123a1257f86601d8639f289ea4e3e6e27d7
unused-scalb-is-scalbn.patch: c7b61a96cbd8cb57ef7aedbddf47a3368451583d
diff --git a/patches/refresh-temp b/patches/refresh-temp
deleted file mode 100644
index d57ecf9..0000000
--- a/patches/refresh-temp
+++ /dev/null
@@ -1,10 +0,0 @@
-Bottom: 539050bc4b84d23577ed07dc19f9da5286a45dac
-Top: 539050bc4b84d23577ed07dc19f9da5286a45dac
-Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-07-30 04:56:50 -0300
-
-Refresh of manual-document-mt-safety.patch
-
----
-
-
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=afe9eb86872a7e5e07a87c8e33221ce8196d1185
commit afe9eb86872a7e5e07a87c8e33221ce8196d1185
Merge: ba8cbfe 5302cf4 c2ae608
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:56:52 2013 -0300
refresh (create temporary patch)
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ba8cbfe1b08c4a5f248b91b79ed7741969b300c7
commit ba8cbfe1b08c4a5f248b91b79ed7741969b300c7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:56:51 2013 -0300
refresh (create temporary patch)
diff --git a/meta b/meta
index 4861167..5938411 100644
--- a/meta
+++ b/meta
@@ -1,8 +1,9 @@
Version: 1
-Previous: 972123921bf2c298d20034ac9f070b30ad7db958
-Head: efc461350d9249c7b45dd1711d026868b38f051c
+Previous: c2ae60832456ff1f7dde39f32ff789261f07cc0c
+Head: 5302cf4e2b425ad6a577644de0e2778aebbeda47
Applied:
manual-document-mt-safety.patch: efc461350d9249c7b45dd1711d026868b38f051c
+ refresh-temp: 5302cf4e2b425ad6a577644de0e2778aebbeda47
Unapplied:
powerpc-nofpu-sim-note-nothread.patch: c2080123a1257f86601d8639f289ea4e3e6e27d7
unused-scalb-is-scalbn.patch: c7b61a96cbd8cb57ef7aedbddf47a3368451583d
diff --git a/patches/refresh-temp b/patches/refresh-temp
new file mode 100644
index 0000000..d57ecf9
--- /dev/null
+++ b/patches/refresh-temp
@@ -0,0 +1,10 @@
+Bottom: 539050bc4b84d23577ed07dc19f9da5286a45dac
+Top: 539050bc4b84d23577ed07dc19f9da5286a45dac
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-07-30 04:56:50 -0300
+
+Refresh of manual-document-mt-safety.patch
+
+---
+
+
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=5302cf4e2b425ad6a577644de0e2778aebbeda47
commit 5302cf4e2b425ad6a577644de0e2778aebbeda47
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:56:50 2013 -0300
Refresh of manual-document-mt-safety.patch
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=efc461350d9249c7b45dd1711d026868b38f051c
commit efc461350d9249c7b45dd1711d026868b38f051c
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:54:56 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..2630a77 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,314 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards to ensure consistency. To ensure MT- and
+AS-Safe behavior, callers must ensure that the objects passed in are not
+modified concurrently by other threads or signal handlers.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is interrupted by a signal while holding the lock,
+and the signal handler calls any function that takes the same
+non-recursive lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is interrupted by a signal while holding the lock,
+and the signal handler calls any function that takes the same
+non-recursive lock, the latter function may observe a partially updated,
+inconsistent data structure, and misbehave.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+propertes we documentated are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c2ae60832456ff1f7dde39f32ff789261f07cc0c
commit c2ae60832456ff1f7dde39f32ff789261f07cc0c
Merge: fe515c9 9721239 efc4613
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:54:56 2013 -0300
pull
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=fe515c972a5db7233f15cf86bc70f83d5382cfd0
commit fe515c972a5db7233f15cf86bc70f83d5382cfd0
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:54:56 2013 -0300
pull
diff --git a/meta b/meta
index 07529f5..4861167 100644
--- a/meta
+++ b/meta
@@ -1,8 +1,9 @@
Version: 1
-Previous: 0cd347e77152d781992666f79ede349337ff1e2a
-Head: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
+Previous: 972123921bf2c298d20034ac9f070b30ad7db958
+Head: efc461350d9249c7b45dd1711d026868b38f051c
Applied:
- manual-document-mt-safety.patch: 706d7b14f054f498250c63c1e221a935b0e5ced2
+ manual-document-mt-safety.patch: efc461350d9249c7b45dd1711d026868b38f051c
+Unapplied:
powerpc-nofpu-sim-note-nothread.patch: c2080123a1257f86601d8639f289ea4e3e6e27d7
unused-scalb-is-scalbn.patch: c7b61a96cbd8cb57ef7aedbddf47a3368451583d
manual-document-mt-safety-arith.patch: ff79da305c9dfa8cdc253ef91e3af827e98ecd2b
@@ -11,5 +12,4 @@ Applied:
manual-document-mt-safety-math.patch: 00af0ed393c8103a619299dc34fcda36561f3cd7
manual-document-mt-safety-ctype-wip.patch: b86a9adf8ea6fc915d528f3fa61ded06f3c91c61
manual-document-mt-safety-wip.patch: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
-Unapplied:
Hidden:
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
index 09977f1..66d3159 100644
--- a/patches/manual-document-mt-safety.patch
+++ b/patches/manual-document-mt-safety.patch
@@ -1,7 +1,7 @@
-Bottom: 13f15f706fb1ff430a99cba2788b2c38389fb60e
-Top: 4efc67610afbdb4ae5fe31b2b904569f7a82116e
+Bottom: efed39b7ade4b9cbc21039a1156412424917f48d
+Top: 539050bc4b84d23577ed07dc19f9da5286a45dac
Author: Alexandre Oliva <aoliva@redhat.com>
-Date: 2013-06-26 10:46:35 -0300
+Date: 2013-07-30 04:54:56 -0300
Thread safety documentation.
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=972123921bf2c298d20034ac9f070b30ad7db958
commit 972123921bf2c298d20034ac9f070b30ad7db958
Merge: ea4fba3 0cd347e
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:53:56 2013 -0300
push
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ea4fba346a4d8499e2a0c063caf1a51cf4f9b6ef
commit ea4fba346a4d8499e2a0c063caf1a51cf4f9b6ef
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:53:56 2013 -0300
push
diff --git a/meta b/meta
index 342e7f8..07529f5 100644
--- a/meta
+++ b/meta
@@ -1,8 +1,7 @@
Version: 1
-Previous: f618714f0d41bb4db78aaa249202934f8c95d2dd
-Head: 89756a8cdb72c3741aa01e97d4ec8c4b30da585b
+Previous: 0cd347e77152d781992666f79ede349337ff1e2a
+Head: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
Applied:
-Unapplied:
manual-document-mt-safety.patch: 706d7b14f054f498250c63c1e221a935b0e5ced2
powerpc-nofpu-sim-note-nothread.patch: c2080123a1257f86601d8639f289ea4e3e6e27d7
unused-scalb-is-scalbn.patch: c7b61a96cbd8cb57ef7aedbddf47a3368451583d
@@ -12,4 +11,5 @@ Unapplied:
manual-document-mt-safety-math.patch: 00af0ed393c8103a619299dc34fcda36561f3cd7
manual-document-mt-safety-ctype-wip.patch: b86a9adf8ea6fc915d528f3fa61ded06f3c91c61
manual-document-mt-safety-wip.patch: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
+Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0cd347e77152d781992666f79ede349337ff1e2a
commit 0cd347e77152d781992666f79ede349337ff1e2a
Merge: e82e52b f618714 89756a8
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:53:45 2013 -0300
pop
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e82e52b64d56c2a395b94ac311b5418947b7b344
commit e82e52b64d56c2a395b94ac311b5418947b7b344
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:53:45 2013 -0300
pop
diff --git a/meta b/meta
index 098d519..342e7f8 100644
--- a/meta
+++ b/meta
@@ -1,7 +1,8 @@
Version: 1
-Previous: None
-Head: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
+Previous: f618714f0d41bb4db78aaa249202934f8c95d2dd
+Head: 89756a8cdb72c3741aa01e97d4ec8c4b30da585b
Applied:
+Unapplied:
manual-document-mt-safety.patch: 706d7b14f054f498250c63c1e221a935b0e5ced2
powerpc-nofpu-sim-note-nothread.patch: c2080123a1257f86601d8639f289ea4e3e6e27d7
unused-scalb-is-scalbn.patch: c7b61a96cbd8cb57ef7aedbddf47a3368451583d
@@ -11,5 +12,4 @@ Applied:
manual-document-mt-safety-math.patch: 00af0ed393c8103a619299dc34fcda36561f3cd7
manual-document-mt-safety-ctype-wip.patch: b86a9adf8ea6fc915d528f3fa61ded06f3c91c61
manual-document-mt-safety-wip.patch: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
-Unapplied:
Hidden:
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f618714f0d41bb4db78aaa249202934f8c95d2dd
commit f618714f0d41bb4db78aaa249202934f8c95d2dd
Merge: d62a41b 08d66cf
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:53:38 2013 -0300
start of log
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d62a41bd6cad10dd3fd1d552044e1c0fc15c3b30
commit d62a41bd6cad10dd3fd1d552044e1c0fc15c3b30
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Tue Jul 30 04:53:38 2013 -0300
start of log
diff --git a/meta b/meta
new file mode 100644
index 0000000..098d519
--- /dev/null
+++ b/meta
@@ -0,0 +1,15 @@
+Version: 1
+Previous: None
+Head: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
+Applied:
+ manual-document-mt-safety.patch: 706d7b14f054f498250c63c1e221a935b0e5ced2
+ powerpc-nofpu-sim-note-nothread.patch: c2080123a1257f86601d8639f289ea4e3e6e27d7
+ unused-scalb-is-scalbn.patch: c7b61a96cbd8cb57ef7aedbddf47a3368451583d
+ manual-document-mt-safety-arith.patch: ff79da305c9dfa8cdc253ef91e3af827e98ecd2b
+ manual-document-mt-safety-stdio.patch: 29204588dcc2ae4b2c07025a50f8018c87cdc409
+ manual-document-mt-safety-locale.patch: 2138bb13b72835109d53a470595be6f31f485113
+ manual-document-mt-safety-math.patch: 00af0ed393c8103a619299dc34fcda36561f3cd7
+ manual-document-mt-safety-ctype-wip.patch: b86a9adf8ea6fc915d528f3fa61ded06f3c91c61
+ manual-document-mt-safety-wip.patch: 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
+Unapplied:
+Hidden:
diff --git a/patches/manual-document-mt-safety-arith.patch b/patches/manual-document-mt-safety-arith.patch
new file mode 100644
index 0000000..6d56f45
--- /dev/null
+++ b/patches/manual-document-mt-safety-arith.patch
@@ -0,0 +1,822 @@
+Bottom: 58842960ffbf63afb50845d77d86b584785bfb5d
+Top: 4d06ccc13c580c9f8bc1ebbdc407011933a41e89
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:39 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/arith.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/arith.texi b/manual/arith.texi
+index 77056c3..833e0c9 100644
+--- a/manual/arith.texi
++++ b/manual/arith.texi
+@@ -160,6 +160,8 @@ The remainder from the division.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun div_t div (int @var{numerator}, int @var{denominator})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Functions in this section are pure, and thus safe.
+ This function @code{div} computes the quotient and remainder from
+ the division of @var{numerator} by @var{denominator}, returning the
+ result in a structure of type @code{div_t}.
+@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{ldiv} function is similar to @code{div}, except that the
+ arguments are of type @code{long int} and the result is returned as a
+ structure of type @code{ldiv_t}.
+@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{lldiv} function is like the @code{div} function, but the
+ arguments are of type @code{long long int} and the result is returned as
+ a structure of type @code{lldiv_t}.
+@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
+ @comment inttypes.h
+ @comment ISO
+ @deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{imaxdiv} function is like the @code{div} function, but the
+ arguments are of type @code{intmax_t} and the result is returned as
+ a structure of type @code{imaxdiv_t}.
+@@ -410,6 +415,7 @@ not have to worry about the type of their argument.
+ @comment math.h
+ @comment BSD
+ @deftypefunx int isinfl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function returns @code{-1} if @var{x} represents negative infinity,
+ @code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
+ @end deftypefun
+@@ -423,6 +429,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
+ @comment math.h
+ @comment BSD
+ @deftypefunx int isnanl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function returns a nonzero value if @var{x} is a ``not a number''
+ value, and zero otherwise.
+
+@@ -445,6 +452,7 @@ function for some reason, you can write
+ @comment math.h
+ @comment BSD
+ @deftypefunx int finitel (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function returns a nonzero value if @var{x} is finite or a ``not a
+ number'' value, and zero otherwise.
+ @end deftypefun
+@@ -713,6 +721,22 @@ and save and restore the set of exceptions flagged.
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int feclearexcept (int @var{excepts})
++@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
++@c The other functions in this section that modify FP status register
++@c mostly do so with non-atomic load-modify-store sequences, but since
++@c the register is thread-specific, this should be fine, and safe for
++@c cancellation. As long as the FP environment is restored before the
++@c signal handler returns control to the interrupted thread (like any
++@c kernel should do), the functions are also safe for use in signal
++@c handlers.
++@c
++@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
++@c __sim_exception, __sim_disabled_exception and __sim_round_mode
++@c variables, that emulate a floating-point status register, are not
++@c thread-specific variables, so many of these functions are not MT-safe
++@c on that platform. This is probably a bug. These variables aren't
++@c restored by the signal machinery either, making the functions also
++@c async-signal-unsafe on this platform.
+ This function clears all of the supported exception flags indicated by
+ @var{excepts}.
+
+@@ -723,6 +747,7 @@ non-zero value otherwise.
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int feraiseexcept (int @var{excepts})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ This function raises the supported exceptions indicated by
+ @var{excepts}. If more than one exception bit in @var{excepts} is set
+ the order in which the exceptions are raised is undefined except that
+@@ -738,6 +763,7 @@ non-zero value otherwise.
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int fetestexcept (int @var{excepts})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ Test whether the exception flags indicated by the parameter @var{except}
+ are currently set. If any of them are, a nonzero value is returned
+ which specifies which exceptions are set. Otherwise the result is zero.
+@@ -774,6 +800,7 @@ following functions:
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ This function stores in the variable pointed to by @var{flagp} an
+ implementation-defined value representing the current setting of the
+ exception flags indicated by @var{excepts}.
+@@ -785,6 +812,7 @@ non-zero value otherwise.
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ This function restores the flags for the exceptions indicated by
+ @var{excepts} to the values stored in the variable pointed to by
+ @var{flagp}.
+@@ -940,6 +968,7 @@ find out which one with this function:
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int fegetround (void)
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ Returns the currently selected rounding mode, represented by one of the
+ values of the defined rounding mode macros.
+ @end deftypefun
+@@ -950,6 +979,7 @@ To change the rounding mode, use this function:
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int fesetround (int @var{round})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ Changes the currently selected rounding mode to @var{round}. If
+ @var{round} does not correspond to one of the supported rounding modes
+ nothing is changed. @code{fesetround} returns zero if it changed the
+@@ -994,6 +1024,7 @@ To save the state of the FPU, use one of these functions:
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int fegetenv (fenv_t *@var{envp})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ Store the floating-point environment in the variable pointed to by
+ @var{envp}.
+
+@@ -1004,6 +1035,7 @@ non-zero value otherwise.
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int feholdexcept (fenv_t *@var{envp})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ Store the current floating-point environment in the object pointed to by
+ @var{envp}. Then clear all exception flags, and set the FPU to trap no
+ exceptions. Not all FPUs support trapping no exceptions; if
+@@ -1042,6 +1074,7 @@ functions:
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int fesetenv (const fenv_t *@var{envp})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ Set the floating-point environment to that described by @var{envp}.
+
+ The function returns zero in case the operation was successful, a
+@@ -1051,6 +1084,7 @@ non-zero value otherwise.
+ @comment fenv.h
+ @comment ISO
+ @deftypefun int feupdateenv (const fenv_t *@var{envp})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ Like @code{fesetenv}, this function sets the floating-point environment
+ to that described by @var{envp}. However, if any exceptions were
+ flagged in the status word before @code{feupdateenv} was called, they
+@@ -1071,6 +1105,7 @@ occur, you can use the following two functions.
+ @comment fenv.h
+ @comment GNU
+ @deftypefun int feenableexcept (int @var{excepts})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ This functions enables traps for each of the exceptions as indicated by
+ the parameter @var{except}. The individual exceptions are described in
+ @ref{Status bit operations}. Only the specified exceptions are
+@@ -1083,6 +1118,7 @@ operation was successful, @code{-1} otherwise.
+ @comment fenv.h
+ @comment GNU
+ @deftypefun int fedisableexcept (int @var{excepts})
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ This functions disables traps for each of the exceptions as indicated by
+ the parameter @var{except}. The individual exceptions are described in
+ @ref{Status bit operations}. Only the specified exceptions are
+@@ -1095,6 +1131,7 @@ operation was successful, @code{-1} otherwise.
+ @comment fenv.h
+ @comment GNU
+ @deftypefun int fegetexcept (void)
++@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
+ The function returns a bitmask of all currently enabled exceptions. It
+ returns @code{-1} in case of failure.
+ @end deftypefun
+@@ -1146,6 +1183,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
+ @comment inttypes.h
+ @comment ISO
+ @deftypefunx intmax_t imaxabs (intmax_t @var{number})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the absolute value of @var{number}.
+
+ Most computers use a two's complement integer representation, in which
+@@ -1167,6 +1205,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} fabsl (long double @var{number})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function returns the absolute value of the floating-point number
+ @var{number}.
+ @end deftypefun
+@@ -1180,6 +1219,7 @@ This function returns the absolute value of the floating-point number
+ @comment complex.h
+ @comment ISO
+ @deftypefunx {long double} cabsl (complex long double @var{z})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the absolute value of the complex number @var{z}
+ (@pxref{Complex Numbers}). The absolute value of a complex number is:
+
+@@ -1217,6 +1257,7 @@ All these functions are declared in @file{math.h}.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are used to split the number @var{value}
+ into a normalized fraction and an exponent.
+
+@@ -1242,6 +1283,7 @@ zero is stored in @code{*@var{exponent}}.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the result of multiplying the floating-point
+ number @var{value} by 2 raised to the power @var{exponent}. (It can
+ be used to reassemble floating-point numbers that were taken apart
+@@ -1263,6 +1305,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
+ @comment math.h
+ @comment BSD
+ @deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{scalb} function is the BSD name for @code{ldexp}.
+ @end deftypefun
+
+@@ -1275,6 +1318,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
+ @comment math.h
+ @comment BSD
+ @deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ @code{scalbn} is identical to @code{scalb}, except that the exponent
+ @var{n} is an @code{int} instead of a floating-point number.
+ @end deftypefun
+@@ -1288,6 +1332,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
+ @comment math.h
+ @comment BSD
+ @deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ @code{scalbln} is identical to @code{scalb}, except that the exponent
+ @var{n} is a @code{long int} instead of a floating-point number.
+ @end deftypefun
+@@ -1301,6 +1346,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
+ @comment math.h
+ @comment BSD
+ @deftypefunx {long double} significandl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ @code{significand} returns the mantissa of @var{x} scaled to the range
+ @math{[1, 2)}.
+ It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
+@@ -1335,6 +1381,7 @@ result as a @code{double} instead to get around this problem.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} ceill (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions round @var{x} upwards to the nearest integer,
+ returning that value as a @code{double}. Thus, @code{ceil (1.5)}
+ is @code{2.0}.
+@@ -1349,6 +1396,7 @@ is @code{2.0}.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} floorl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions round @var{x} downwards to the nearest
+ integer, returning that value as a @code{double}. Thus, @code{floor
+ (1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
+@@ -1363,6 +1411,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} truncl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{trunc} functions round @var{x} towards zero to the nearest
+ integer (returned in floating-point format). Thus, @code{trunc (1.5)}
+ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
+@@ -1377,6 +1426,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} rintl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions round @var{x} to an integer value according to the
+ current rounding mode. @xref{Floating Point Parameters}, for
+ information about the various rounding modes. The default
+@@ -1397,6 +1447,7 @@ inexact exception.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} nearbyintl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the same value as the @code{rint} functions, but
+ do not raise the inexact exception if @var{x} is not an integer.
+ @end deftypefun
+@@ -1410,6 +1461,7 @@ do not raise the inexact exception if @var{x} is not an integer.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} roundl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are similar to @code{rint}, but they round halfway
+ cases away from zero instead of to the nearest integer (or other
+ current rounding mode).
+@@ -1424,6 +1476,7 @@ current rounding mode).
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long int} lrintl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are just like @code{rint}, but they return a
+ @code{long int} instead of a floating-point number.
+ @end deftypefun
+@@ -1437,6 +1490,7 @@ These functions are just like @code{rint}, but they return a
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long long int} llrintl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are just like @code{rint}, but they return a
+ @code{long long int} instead of a floating-point number.
+ @end deftypefun
+@@ -1450,6 +1504,7 @@ These functions are just like @code{rint}, but they return a
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long int} lroundl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are just like @code{round}, but they return a
+ @code{long int} instead of a floating-point number.
+ @end deftypefun
+@@ -1463,6 +1518,7 @@ These functions are just like @code{round}, but they return a
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long long int} llroundl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are just like @code{round}, but they return a
+ @code{long long int} instead of a floating-point number.
+ @end deftypefun
+@@ -1477,6 +1533,7 @@ These functions are just like @code{round}, but they return a
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions break the argument @var{value} into an integer part and a
+ fractional part (between @code{-1} and @code{1}, exclusive). Their sum
+ equals @var{value}. Each of the parts has the same sign as @var{value},
+@@ -1503,6 +1560,7 @@ suits your problem.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions compute the remainder from the division of
+ @var{numerator} by @var{denominator}. Specifically, the return value is
+ @code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
+@@ -1525,6 +1583,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
+ @comment math.h
+ @comment BSD
+ @deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are like @code{fmod} except that they round the
+ internal quotient @var{n} to the nearest integer instead of towards zero
+ to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
+@@ -1548,6 +1607,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
+ @comment math.h
+ @comment BSD
+ @deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is another name for @code{drem}.
+ @end deftypefun
+
+@@ -1569,6 +1629,7 @@ bits.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return @var{x} but with the sign of @var{y}. They work
+ even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
+ sign (although not all implementations support it) and this is one of
+@@ -1584,6 +1645,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
+ @comment math.h
+ @comment ISO
+ @deftypefun int signbit (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ @code{signbit} is a generic macro which can work on all floating-point
+ types. It returns a nonzero value if the value of @var{x} has its sign
+ bit set.
+@@ -1602,6 +1664,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{nextafter} function returns the next representable neighbor of
+ @var{x} in the direction towards @var{y}. The size of the step between
+ @var{x} and the result depends on the type of the result. If
+@@ -1625,6 +1688,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are identical to the corresponding versions of
+ @code{nextafter} except that their second argument is a @code{long
+ double}.
+@@ -1640,6 +1704,8 @@ double}.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} nanl (const char *@var{tagp})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@c The unsafe-but-ruled-safe locale use comes from strtod.
+ The @code{nan} function returns a representation of NaN, provided that
+ NaN is supported by the target platform.
+ @code{nan ("@var{n-char-sequence}")} is equivalent to
+@@ -1674,6 +1740,7 @@ arguments only once.
+ @comment math.h
+ @comment ISO
+ @deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro determines whether the argument @var{x} is greater than
+ @var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
+ exception is raised if @var{x} or @var{y} are NaN.
+@@ -1682,6 +1749,7 @@ exception is raised if @var{x} or @var{y} are NaN.
+ @comment math.h
+ @comment ISO
+ @deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro determines whether the argument @var{x} is greater than or
+ equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
+ exception is raised if @var{x} or @var{y} are NaN.
+@@ -1690,6 +1758,7 @@ exception is raised if @var{x} or @var{y} are NaN.
+ @comment math.h
+ @comment ISO
+ @deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro determines whether the argument @var{x} is less than @var{y}.
+ It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
+ raised if @var{x} or @var{y} are NaN.
+@@ -1698,6 +1767,7 @@ raised if @var{x} or @var{y} are NaN.
+ @comment math.h
+ @comment ISO
+ @deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro determines whether the argument @var{x} is less than or equal
+ to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
+ exception is raised if @var{x} or @var{y} are NaN.
+@@ -1706,6 +1776,7 @@ exception is raised if @var{x} or @var{y} are NaN.
+ @comment math.h
+ @comment ISO
+ @deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro determines whether the argument @var{x} is less or greater
+ than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
+ (@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
+@@ -1718,6 +1789,7 @@ expression is true if @var{x} or @var{y} are NaN.
+ @comment math.h
+ @comment ISO
+ @deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro determines whether its arguments are unordered. In other
+ words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
+ @end deftypefn
+@@ -1751,6 +1823,7 @@ perform these operations faster than the equivalent C code.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fmin} function returns the lesser of the two values @var{x}
+ and @var{y}. It is similar to the expression
+ @smallexample
+@@ -1771,6 +1844,7 @@ are NaN, NaN is returned.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fmax} function returns the greater of the two values @var{x}
+ and @var{y}.
+
+@@ -1787,6 +1861,7 @@ are NaN, NaN is returned.
+ @comment math.h
+ @comment ISO
+ @deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fdim} function returns the positive difference between
+ @var{x} and @var{y}. The positive difference is @math{@var{x} -
+ @var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
+@@ -1804,6 +1879,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
+ @comment ISO
+ @deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
+ @cindex butterfly
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fma} function performs floating-point multiply-add. This is
+ the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
+ intermediate result is not rounded to the destination type. This can
+@@ -1933,6 +2009,7 @@ available in three variants, one for each of the three complex types.
+ @comment complex.h
+ @comment ISO
+ @deftypefunx {long double} creall (complex long double @var{z})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the real part of the complex number @var{z}.
+ @end deftypefun
+
+@@ -1945,6 +2022,7 @@ These functions return the real part of the complex number @var{z}.
+ @comment complex.h
+ @comment ISO
+ @deftypefunx {long double} cimagl (complex long double @var{z})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the imaginary part of the complex number @var{z}.
+ @end deftypefun
+
+@@ -1957,6 +2035,7 @@ These functions return the imaginary part of the complex number @var{z}.
+ @comment complex.h
+ @comment ISO
+ @deftypefunx {complex long double} conjl (complex long double @var{z})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the conjugate value of the complex number
+ @var{z}. The conjugate of a complex number has the same real part and a
+ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
+@@ -1971,6 +2050,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
+ @comment complex.h
+ @comment ISO
+ @deftypefunx {long double} cargl (complex long double @var{z})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the argument of the complex number @var{z}.
+ The argument of a complex number is the angle in the complex plane
+ between the positive real axis and a line passing through zero and the
+@@ -1989,6 +2069,7 @@ number. This angle is measured in the usual fashion and ranges from
+ @comment complex.h
+ @comment ISO
+ @deftypefunx {complex long double} cprojl (complex long double @var{z})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions return the projection of the complex value @var{z} onto
+ the Riemann sphere. Values with a infinite imaginary part are projected
+ to positive infinity on the real axis, even if the real part is NaN. If
+@@ -2034,6 +2115,16 @@ as well.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@c strtol uses the thread-local pointer to the locale in effect, and
++@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
++@c but if the locale is the global locale, and another thread calls
++@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
++@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
++@c execution of the function, because they re-read the locale data from
++@c the given locale pointer. We solved this by documenting setlocale as
++@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
++@c AS-Safe; recheck.
+ The @code{strtol} (``string-to-long'') function converts the initial
+ part of @var{string} to a signed integer, which is returned as a value
+ of type @code{long int}.
+@@ -2097,6 +2188,7 @@ There is an example at the end of this section.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstol} function is equivalent to the @code{strtol} function
+ in nearly all aspects but handles wide character strings.
+
+@@ -2106,6 +2198,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{strtoul} (``string-to-unsigned-long'') function is like
+ @code{strtol} except it converts to an @code{unsigned long int} value.
+ The syntax is the same as described above for @code{strtol}. The value
+@@ -2124,6 +2217,7 @@ range, or @code{ERANGE} on overflow.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstoul} function is equivalent to the @code{strtoul} function
+ in nearly all aspects but handles wide character strings.
+
+@@ -2133,6 +2227,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{strtoll} function is like @code{strtol} except that it returns
+ a @code{long long int} value, and accepts numbers with a correspondingly
+ larger range.
+@@ -2149,6 +2244,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstoll} function is equivalent to the @code{strtoll} function
+ in nearly all aspects but handles wide character strings.
+
+@@ -2158,12 +2254,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
+ @comment stdlib.h
+ @comment BSD
+ @deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ @code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
+ @end deftypefun
+
+ @comment wchar.h
+ @comment GNU
+ @deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstoq} function is equivalent to the @code{strtoq} function
+ in nearly all aspects but handles wide character strings.
+
+@@ -2173,6 +2271,7 @@ The @code{wcstoq} function is a GNU extension.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{strtoull} function is related to @code{strtoll} the same way
+ @code{strtoul} is related to @code{strtol}.
+
+@@ -2182,6 +2281,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstoull} function is equivalent to the @code{strtoull} function
+ in nearly all aspects but handles wide character strings.
+
+@@ -2191,12 +2291,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
+ @comment stdlib.h
+ @comment BSD
+ @deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ @code{strtouq} is the BSD name for @code{strtoull}.
+ @end deftypefun
+
+ @comment wchar.h
+ @comment GNU
+ @deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstouq} function is equivalent to the @code{strtouq} function
+ in nearly all aspects but handles wide character strings.
+
+@@ -2206,6 +2308,7 @@ The @code{wcstouq} function is a GNU extension.
+ @comment inttypes.h
+ @comment ISO
+ @deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{strtoimax} function is like @code{strtol} except that it returns
+ a @code{intmax_t} value, and accepts numbers of a corresponding range.
+
+@@ -2222,6 +2325,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
+ @comment wchar.h
+ @comment ISO
+ @deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
+ in nearly all aspects but handles wide character strings.
+
+@@ -2231,6 +2335,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
+ @comment inttypes.h
+ @comment ISO
+ @deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{strtoumax} function is related to @code{strtoimax}
+ the same way that @code{strtoul} is related to @code{strtol}.
+
+@@ -2241,6 +2346,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
+ @comment wchar.h
+ @comment ISO
+ @deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
+ in nearly all aspects but handles wide character strings.
+
+@@ -2250,6 +2356,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun {long int} atol (const char *@var{string})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ This function is similar to the @code{strtol} function with a @var{base}
+ argument of @code{10}, except that it need not detect overflow errors.
+ The @code{atol} function is provided mostly for compatibility with
+@@ -2259,6 +2366,7 @@ existing code; using @code{strtol} is more robust.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun int atoi (const char *@var{string})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ This function is like @code{atol}, except that it returns an @code{int}.
+ The @code{atoi} function is also considered obsolete; use @code{strtol}
+ instead.
+@@ -2267,6 +2375,7 @@ instead.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun {long long int} atoll (const char *@var{string})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ This function is similar to @code{atol}, except it returns a @code{long
+ long int}.
+
+@@ -2331,6 +2440,9 @@ as well.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
++@c mpn, but it's all safe.
+ The @code{strtod} (``string-to-double'') function converts the initial
+ part of @var{string} to a floating-point number, which is returned as a
+ value of type @code{double}.
+@@ -2416,6 +2528,7 @@ examining @var{errno} and @var{tailptr}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ These functions are analogous to @code{strtod}, but return @code{float}
+ and @code{long double} values respectively. They report errors in the
+ same way as @code{strtod}. @code{strtof} can be substantially faster
+@@ -2435,6 +2548,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
+ equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
+ @code{strtold} functions but it handles wide character string.
+@@ -2447,6 +2561,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun double atof (const char *@var{string})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ This function is similar to the @code{strtod} function, except that it
+ need not detect overflow and underflow errors. The @code{atof} function
+ is provided mostly for compatibility with existing code; using
+@@ -2473,6 +2588,7 @@ All these functions are defined in @file{stdlib.h}.
+ @comment stdlib.h
+ @comment SVID, Unix98
+ @deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
++@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
+ The function @code{ecvt} converts the floating-point number @var{value}
+ to a string with at most @var{ndigit} decimal digits. The
+ returned string contains no decimal point or sign. The first digit of
+@@ -2498,6 +2614,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
+ @comment stdlib.h
+ @comment SVID, Unix98
+ @deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
++@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
+ The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
+ the number of digits after the decimal point. If @var{ndigit} is less
+ than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
+@@ -2516,6 +2633,9 @@ to @code{fcvt}.
+ @comment stdlib.h
+ @comment SVID, Unix98
+ @deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
++@c args_value if it's too large, but gcvt never exercises this path.
+ @code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
+ ndigit, value}. It is provided only for compatibility's sake. It
+ returns @var{buf}.
+@@ -2530,6 +2650,7 @@ functions that take @code{long double} arguments.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
++@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
+ This function is equivalent to @code{ecvt} except that it takes a
+ @code{long double} for the first parameter and that @var{ndigit} is
+ restricted by the precision of a @code{long double}.
+@@ -2538,6 +2659,7 @@ restricted by the precision of a @code{long double}.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
++@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
+ This function is equivalent to @code{fcvt} except that it
+ takes a @code{long double} for the first parameter and that @var{ndigit} is
+ restricted by the precision of a @code{long double}.
+@@ -2546,6 +2668,7 @@ restricted by the precision of a @code{long double}.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is equivalent to @code{gcvt} except that it takes a
+ @code{long double} for the first parameter and that @var{ndigit} is
+ restricted by the precision of a @code{long double}.
+@@ -2566,6 +2689,7 @@ user-supplied buffer.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{ecvt_r} function is the same as @code{ecvt}, except
+ that it places its result into the user-specified buffer pointed to by
+ @var{buf}, with length @var{len}. The return value is @code{-1} in
+@@ -2577,6 +2701,7 @@ This function is a GNU extension.
+ @comment stdlib.h
+ @comment SVID, Unix98
+ @deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fcvt_r} function is the same as @code{fcvt}, except that it
+ places its result into the user-specified buffer pointed to by
+ @var{buf}, with length @var{len}. The return value is @code{-1} in
+@@ -2588,6 +2713,7 @@ This function is a GNU extension.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{qecvt_r} function is the same as @code{qecvt}, except
+ that it places its result into the user-specified buffer pointed to by
+ @var{buf}, with length @var{len}. The return value is @code{-1} in
+@@ -2599,6 +2725,7 @@ This function is a GNU extension.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{qfcvt_r} function is the same as @code{qfcvt}, except
+ that it places its result into the user-specified buffer pointed to by
+ @var{buf}, with length @var{len}. The return value is @code{-1} in
diff --git a/patches/manual-document-mt-safety-ctype-wip.patch b/patches/manual-document-mt-safety-ctype-wip.patch
new file mode 100644
index 0000000..2751123
--- /dev/null
+++ b/patches/manual-document-mt-safety-ctype-wip.patch
@@ -0,0 +1,34 @@
+Bottom: 7c3df0362db41863af2f7f886b7e7f14cd2cb7c5
+Top: cd865dbc67422bb0360d4e2692cc5f7ec6aea252
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:43 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/ctype.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/ctype.texi b/manual/ctype.texi
+index 3d13571..f05d509 100644
+--- a/manual/ctype.texi
++++ b/manual/ctype.texi
+@@ -691,6 +691,7 @@ This type is defined in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wctrans_t wctrans (const char *@var{property})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ The @code{wctrans} function has to be used to find out whether a named
+ mapping is defined in the current locale selected for the
+ @code{LC_CTYPE} category. If the returned value is non-zero, you can use
+@@ -713,6 +714,7 @@ These functions are declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
++@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ @code{towctrans} maps the input character @var{wc}
+ according to the rules of the mapping for which @var{desc} is a
+ descriptor, and returns the value it finds. @var{desc} must be
diff --git a/patches/manual-document-mt-safety-locale.patch b/patches/manual-document-mt-safety-locale.patch
new file mode 100644
index 0000000..def6108
--- /dev/null
+++ b/patches/manual-document-mt-safety-locale.patch
@@ -0,0 +1,29 @@
+Bottom: e742d008a73a9279e0234fe6e8416e0b74b22645
+Top: b6a7df74e1dd769dd2a68885320bde2bae038277
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:40 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/locale.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/locale.texi b/manual/locale.texi
+index 2f10fcd..323268d 100644
+--- a/manual/locale.texi
++++ b/manual/locale.texi
+@@ -224,6 +224,10 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @comment locale.h
+ @comment ISO
+ @deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
++@safety{@mtunsafe{uunguard}}
++@c This function is MT-Safe, but uses of the global locale object are
++@c unguarded in functions that ought to be MT-Safe, so we're ruling out
++@c the use of this function once threads are started.
+ The function @code{setlocale} sets the current locale for category
+ @var{category} to @var{locale}. A list of all the locales the system
+ provides can be created by running
diff --git a/patches/manual-document-mt-safety-math.patch b/patches/manual-document-mt-safety-math.patch
new file mode 100644
index 0000000..14df6f3
--- /dev/null
+++ b/patches/manual-document-mt-safety-math.patch
@@ -0,0 +1,26 @@
+Bottom: b6a7df74e1dd769dd2a68885320bde2bae038277
+Top: 7c3df0362db41863af2f7f886b7e7f14cd2cb7c5
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:41 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/math.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/math.texi b/manual/math.texi
+index 193d415..fd5d0c8 100644
+--- a/manual/math.texi
++++ b/manual/math.texi
+@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
+ @comment math.h
+ @comment ISO
+ @deftypefunx int ilogbl (long double @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ These functions are equivalent to the corresponding @code{logb}
+ functions except that they return signed integer values.
+ @end deftypefun
diff --git a/patches/manual-document-mt-safety-stdio.patch b/patches/manual-document-mt-safety-stdio.patch
new file mode 100644
index 0000000..2088f94
--- /dev/null
+++ b/patches/manual-document-mt-safety-stdio.patch
@@ -0,0 +1,1117 @@
+Bottom: 4d06ccc13c580c9f8bc1ebbdc407011933a41e89
+Top: e742d008a73a9279e0234fe6e8416e0b74b22645
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:40 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/stdio.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/stdio.texi b/manual/stdio.texi
+index 3f9be9bc5..7809dd4 100644
+--- a/manual/stdio.texi
++++ b/manual/stdio.texi
+@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
++@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
++@c fopen may leak the list lock if cancelled within _IO_link_in.
+ The @code{fopen} function opens a stream for I/O to the file
+ @var{filename}, and returns a pointer to the stream.
+
+@@ -265,6 +267,7 @@ Locks}.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
++@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
+ This function is similar to @code{fopen} but the stream it returns a
+ pointer for is opened using @code{open64}. Therefore this stream can be
+ used even on files larger then @math{2^31} bytes on 32 bit machines.
+@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
++@c Like most I/O operations, this one is guarded by a recursive lock,
++@c released even upon cancellation, but cancellation may leak file
++@c descriptors and leave the stream in an inconsistent state (e.g.,
++@c still bound to the closed descriptor). Also, if the stream is
++@c part-way through a significant update (say running freopen) when a
++@c signal handler calls freopen again on the same stream, the result is
++@c likely to be an inconsistent stream, and the possibility of closing
++@c twice file descriptor number that the stream used to use, the second
++@c time when it might have already been reused by another thread.
+ This function is like a combination of @code{fclose} and @code{fopen}.
+ It first closes the stream referred to by @var{stream}, ignoring any
+ errors that are detected in the process. (Because errors are ignored,
+@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+ This function is similar to @code{freopen}. The only difference is that
+ on 32 bit machine the stream returned is able to read beyond the
+ @math{2^31} bytes limits imposed by the normal interface. It should be
+@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun int __freadable (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{__freadable} function determines whether the stream
+ @var{stream} was opened to allow reading. In this case the return value
+ is nonzero. For write-only streams the function returns zero.
+@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun int __fwritable (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{__fwritable} function determines whether the stream
+ @var{stream} was opened to allow writing. In this case the return value
+ is nonzero. For read-only streams the function returns zero.
+@@ -364,6 +380,7 @@ They provide even finer-grained information.
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun int __freading (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{__freading} function determines whether the stream
+ @var{stream} was last read from or whether it is opened read-only. In
+ this case the return value is nonzero, otherwise it is zero.
+@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun int __fwriting (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{__fwriting} function determines whether the stream
+ @var{stream} was last written to or whether it is opened write-only. In
+ this case the return value is nonzero, otherwise it is zero.
+@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fclose (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
++@c After fclose, it is undefined behavior to use the stream it points
++@c to. Therefore, one must only call fclose when the stream is
++@c otherwise unused. Concurrent uses started before will complete
++@c successfully because of the lock, which makes it MT-Safe. Calling it
++@c from a signal handler is perfectly safe if the stream is known to be
++@c no longer used, which is a precondition for fclose to be safe in the
++@c first place; since this is no further requirement, fclose is safe for
++@c use in async signals too. After calling fclose, you can no longer
++@c use the stream, not even to fclose it again, so its memory and file
++@c descriptor may leak if fclose is canceled before @c releasing them.
++@c That the stream must be unused and it becomes unused after the call
++@c is what would enable fclose to be AS- and AC-Safe while freopen
++@c isn't. However, because of the possibility of leaving __gconv_lock
++@c taken upon cancellation, AC-Safety is lost.
+ This function causes @var{stream} to be closed and the connection to
+ the corresponding file to be broken. Any buffered output is written
+ and any buffered input is discarded. The @code{fclose} function returns
+@@ -418,6 +451,12 @@ another function.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int fcloseall (void)
++@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
++@c Like fclose, using any previously-opened streams after fcloseall is
++@c undefined. However, the implementation of fcloseall isn't equivalent
++@c to calling fclose for all streams: it just flushes and unbuffers all
++@c streams, without any locking. It's the flushing without locking that
++@c makes it unsafe.
+ This function causes all open streams of the process to be closed and
+ the connection to corresponding files to be broken. All buffered data
+ is written and any buffered input is discarded. The @code{fcloseall}
+@@ -474,6 +513,9 @@ perform the stream locking in the application code.
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun void flockfile (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
++@c There's no way to tell whether the lock was acquired before or after
++@c cancellation so as to unlock only when appropriate.
+ The @code{flockfile} function acquires the internal locking object
+ associated with the stream @var{stream}. This ensures that no other
+ thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
+@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun int ftrylockfile (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+ The @code{ftrylockfile} function tries to acquire the internal locking
+ object associated with the stream @var{stream} just like
+ @code{flockfile}. But unlike @code{flockfile} this function does not
+@@ -496,6 +539,7 @@ another thread.
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun void funlockfile (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+ The @code{funlockfile} function releases the internal locking object of
+ the stream @var{stream}. The stream must have been locked before by a
+ call to @code{flockfile} or a successful call of @code{ftrylockfile}.
+@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
++@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
++@c Changing the implicit-locking status of a stream while it's in use by
++@c another thread may cause a lock to be implicitly acquired and not
++@c released, or vice-versa. This function should probably hold the lock
++@c while changing this setting, to make sure we don't change it while
++@c there are any concurrent uses. Meanwhile, callers should acquire the
++@c lock themselves to be safe, and even concurrent uses with external
++@c locking will be fine, as long as functions that require external
++@c locking are not called without holding locks.
+
+ The @code{__fsetlocking} function can be used to select whether the
+ stream operations will implicitly acquire the locking object of the
+@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
+ variants will implicitly lock the stream.
+
+ @item FSETLOCKING_BYCALLER
++@c ??? Does the possibility of disabling implicit locking on any stream
++@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
++@c ones?
+ After the @code{__fsetlocking} function returns the user is responsible
+ for locking the stream. None of the stream operations will implicitly
+ do this anymore until the state is set back to
+@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int fwide (FILE *@var{stream}, int @var{mode})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
++@c Querying is always safe, but changing the stream when it's in use
++@c upthread may be problematic. Like most lock-acquiring functions,
++@c this one may leak the lock if canceled.
+
+ The @code{fwide} function can be used to set and query the state of the
+ orientation of the stream @var{stream}. If the @var{mode} parameter has
+@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fputc (int @var{c}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
++@c If the stream is in use when interrupted by a signal, the recursive
++@c lock won't help ensure the stream is consistent; indeed, if fputc
++@c gets a signal precisely before the post-incremented _IO_write_ptr
++@c value is stored, we may overwrite the interrupted write. Conversely,
++@c depending on compiler optimizations, the incremented _IO_write_ptr
++@c may be stored before the character is stored in the buffer,
++@c corrupting the stream if async cancel hits between the two stores.
++@c There may be other reasons for AS- and AC-unsafety in the overflow
++@c cases.
+ The @code{fputc} function converts the character @var{c} to type
+ @code{unsigned char}, and writes it to the stream @var{stream}.
+ @code{EOF} is returned if a write error occurs; otherwise the
+@@ -820,6 +890,7 @@ character @var{c} is returned.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+ The @code{fputwc} function writes the wide character @var{wc} to the
+ stream @var{stream}. @code{WEOF} is returned if a write error occurs;
+ otherwise the character @var{wc} is returned.
+@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
++@c The unlocked functions can't possibly satisfy the MT-Safety
++@c requirements on their own, because they require external locking for
++@c safety.
+ The @code{fputc_unlocked} function is equivalent to the @code{fputc}
+ function except that it does not implicitly lock the stream.
+ @end deftypefun
+@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
+ @comment wchar.h
+ @comment POSIX
+ @deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
+ function except that it does not implicitly lock the stream.
+
+@@ -844,6 +920,7 @@ This function is a GNU extension.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int putc (int @var{c}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+ This is just like @code{fputc}, except that most systems implement it as
+ a macro, making it faster. One consequence is that it may evaluate the
+ @var{stream} argument more than once, which is an exception to the
+@@ -854,6 +931,7 @@ use for writing a single character.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+ This is just like @code{fputwc}, except that it can be implement as
+ a macro, making it faster. One consequence is that it may evaluate the
+ @var{stream} argument more than once, which is an exception to the
+@@ -864,6 +942,7 @@ use for writing a single wide character.
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{putc_unlocked} function is equivalent to the @code{putc}
+ function except that it does not implicitly lock the stream.
+ @end deftypefun
+@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{putwc_unlocked} function is equivalent to the @code{putwc}
+ function except that it does not implicitly lock the stream.
+
+@@ -880,6 +960,7 @@ This function is a GNU extension.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int putchar (int @var{c})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+ The @code{putchar} function is equivalent to @code{putc} with
+ @code{stdout} as the value of the @var{stream} argument.
+ @end deftypefun
+@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t putwchar (wchar_t @var{wc})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+ The @code{putwchar} function is equivalent to @code{putwc} with
+ @code{stdout} as the value of the @var{stream} argument.
+ @end deftypefun
+@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun int putchar_unlocked (int @var{c})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{putchar_unlocked} function is equivalent to the @code{putchar}
+ function except that it does not implicitly lock the stream.
+ @end deftypefun
+@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
+ function except that it does not implicitly lock the stream.
+
+@@ -910,6 +994,7 @@ This function is a GNU extension.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+ The function @code{fputs} writes the string @var{s} to the stream
+ @var{stream}. The terminating null character is not written.
+ This function does @emph{not} add a newline character, either.
+@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+ The function @code{fputws} writes the wide character string @var{ws} to
+ the stream @var{stream}. The terminating null character is not written.
+ This function does @emph{not} add a newline character, either. It
+@@ -945,6 +1031,7 @@ a non-negative value.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fputs_unlocked} function is equivalent to the @code{fputs}
+ function except that it does not implicitly lock the stream.
+
+@@ -954,6 +1041,7 @@ This function is a GNU extension.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fputws_unlocked} function is equivalent to the @code{fputws}
+ function except that it does not implicitly lock the stream.
+
+@@ -963,6 +1051,7 @@ This function is a GNU extension.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int puts (const char *@var{s})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{puts} function writes the string @var{s} to the stream
+ @code{stdout} followed by a newline. The terminating null character of
+ the string is not written. (Note that @code{fputs} does @emph{not}
+@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
+ @comment stdio.h
+ @comment SVID
+ @deftypefun int putw (int @var{w}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function writes the word @var{w} (that is, an @code{int}) to
+ @var{stream}. It is provided for compatibility with SVID, but we
+ recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
+@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fgetc (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
++@c Same caveats as fputc, but instead of losing a write in case of async
++@c signals, we may read the same character more than once, and the
++@c stream may be left in odd states due to cancellation in the underflow
++@c cases.
+ This function reads the next character as an @code{unsigned char} from
+ the stream @var{stream} and returns its value, converted to an
+ @code{int}. If an end-of-file condition or read error occurs,
+@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t fgetwc (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function reads the next wide character from the stream @var{stream}
+ and returns its value. If an end-of-file condition or read error
+ occurs, @code{WEOF} is returned instead.
+@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun int fgetc_unlocked (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
+ function except that it does not implicitly lock the stream.
+ @end deftypefun
+@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
+ function except that it does not implicitly lock the stream.
+
+@@ -1047,6 +1145,7 @@ This function is a GNU extension.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int getc (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This is just like @code{fgetc}, except that it is permissible (and
+ typical) for it to be implemented as a macro that evaluates the
+ @var{stream} argument more than once. @code{getc} is often highly
+@@ -1057,6 +1156,7 @@ character.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t getwc (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This is just like @code{fgetwc}, except that it is permissible for it to
+ be implemented as a macro that evaluates the @var{stream} argument more
+ than once. @code{getwc} can be highly optimized, so it is usually the
+@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun int getc_unlocked (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{getc_unlocked} function is equivalent to the @code{getc}
+ function except that it does not implicitly lock the stream.
+ @end deftypefun
+@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun wint_t getwc_unlocked (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{getwc_unlocked} function is equivalent to the @code{getwc}
+ function except that it does not implicitly lock the stream.
+
+@@ -1082,6 +1184,7 @@ This function is a GNU extension.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int getchar (void)
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
+ as the value of the @var{stream} argument.
+ @end deftypefun
+@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t getwchar (void)
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
+ as the value of the @var{stream} argument.
+ @end deftypefun
+@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun int getchar_unlocked (void)
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{getchar_unlocked} function is equivalent to the @code{getchar}
+ function except that it does not implicitly lock the stream.
+ @end deftypefun
+@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun wint_t getwchar_unlocked (void)
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
+ function except that it does not implicitly lock the stream.
+
+@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
+ @comment stdio.h
+ @comment SVID
+ @deftypefun int getw (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function reads a word (that is, an @code{int}) from @var{stream}.
+ It's provided for compatibility with SVID. We recommend you use
+ @code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
+@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function reads an entire line from @var{stream}, storing the text
+ (including the newline and a terminating null character) in a buffer
+ and storing the buffer address in @code{*@var{lineptr}}.
+@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
+ @comment stdio.h
+ @comment GNU
+ @deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function is like @code{getline} except that the character which
+ tells it to stop reading is not necessarily newline. The argument
+ @var{delimiter} specifies the delimiter character; @code{getdelim} keeps
+@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{fgets} function reads characters from the stream @var{stream}
+ up to and including a newline character and stores them in the string
+ @var{s}, adding a null character to mark the end of the string. You
+@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{fgetws} function reads wide characters from the stream
+ @var{stream} up to and including a newline character and stores them in
+ the string @var{ws}, adding a null wide character to mark the end of the
+@@ -1280,6 +1391,7 @@ message.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fgets_unlocked} function is equivalent to the @code{fgets}
+ function except that it does not implicitly lock the stream.
+
+@@ -1289,6 +1401,7 @@ This function is a GNU extension.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
+ function except that it does not implicitly lock the stream.
+
+@@ -1298,6 +1411,7 @@ This function is a GNU extension.
+ @comment stdio.h
+ @comment ISO
+ @deftypefn {Deprecated function} {char *} gets (char *@var{s})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The function @code{gets} reads characters from the stream @code{stdin}
+ up to the next newline character, and stores them in the string @var{s}.
+ The newline character is discarded (note that this differs from the
+@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int ungetc (int @var{c}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{ungetc} function pushes back the character @var{c} onto the
+ input stream @var{stream}. So the next input from @var{stream} will
+ read @var{c} before anything else.
+@@ -1425,6 +1540,7 @@ will encounter end of file.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{ungetwc} function behaves just like @code{ungetc} just that it
+ pushes back a wide character.
+ @end deftypefun
+@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function reads up to @var{count} objects of size @var{size} into
+ the array @var{data}, from the stream @var{stream}. It returns the
+ number of objects actually read, which might be less than @var{count} if
+@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fread_unlocked} function is equivalent to the @code{fread}
+ function except that it does not implicitly lock the stream.
+
+@@ -1507,6 +1625,7 @@ This function is a GNU extension.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function writes up to @var{count} objects of size @var{size} from
+ the array @var{data}, to the stream @var{stream}. The return value is
+ normally @var{count}, if the call succeeds. Any other value indicates
+@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
+ function except that it does not implicitly lock the stream.
+
+@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int printf (const char *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ The @code{printf} function prints the optional arguments under the
+ control of the template string @var{template} to the stream
+ @code{stdout}. It returns the number of characters printed, or a
+@@ -2266,6 +2387,7 @@ negative value if there was an output error.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ The @code{wprintf} function prints the optional arguments under the
+ control of the wide template string @var{template} to the stream
+ @code{stdout}. It returns the number of wide characters printed, or a
+@@ -2275,6 +2397,7 @@ negative value if there was an output error.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This function is just like @code{printf}, except that the output is
+ written to the stream @var{stream} instead of @code{stdout}.
+ @end deftypefun
+@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This function is just like @code{wprintf}, except that the output is
+ written to the stream @var{stream} instead of @code{stdout}.
+ @end deftypefun
+@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is like @code{printf}, except that the output is stored in the character
+ array @var{s} instead of written to a stream. A null character is written
+ to mark the end of the string.
+@@ -2313,6 +2438,7 @@ described below.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is like @code{wprintf}, except that the output is stored in the
+ wide character array @var{ws} instead of written to a stream. A null
+ wide character is written to mark the end of the string. The @var{size}
+@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ The @code{snprintf} function is similar to @code{sprintf}, except that
+ the @var{size} argument specifies the maximum number of characters to
+ produce. The trailing null character is counted towards this limit, so
+@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This function is similar to @code{sprintf}, except that it dynamically
+ allocates a string (as with @code{malloc}; @pxref{Unconstrained
+ Allocation}) to hold the output, instead of putting the output in a
+@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
++@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+ This function is similar to @code{asprintf}, except that it uses the
+ obstack @var{obstack} to allocate the space. @xref{Obstacks}.
+
+@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This function is similar to @code{printf} except that, instead of taking
+ a variable number of arguments directly, it takes an argument list
+ pointer @var{ap}.
+@@ -2517,6 +2647,7 @@ pointer @var{ap}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This function is similar to @code{wprintf} except that, instead of taking
+ a variable number of arguments directly, it takes an argument list
+ pointer @var{ap}.
+@@ -2525,6 +2656,12 @@ pointer @var{ap}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
++@c Although vfprintf sets up a cleanup region to release the lock on the
++@c output stream, it doesn't use it to release args_value or string in
++@c case of cancellation. This doesn't make it unsafe, but cancelling it
++@c may leak memory. The unguarded use of __printf_function_table is
++@c also of concern for all callers.
+ This is the equivalent of @code{fprintf} with the variable argument list
+ specified directly as for @code{vprintf}.
+ @end deftypefun
+@@ -2532,6 +2669,7 @@ specified directly as for @code{vprintf}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This is the equivalent of @code{fwprintf} with the variable argument list
+ specified directly as for @code{vwprintf}.
+ @end deftypefun
+@@ -2539,6 +2677,7 @@ specified directly as for @code{vwprintf}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is the equivalent of @code{sprintf} with the variable argument list
+ specified directly as for @code{vprintf}.
+ @end deftypefun
+@@ -2546,6 +2685,7 @@ specified directly as for @code{vprintf}.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is the equivalent of @code{swprintf} with the variable argument list
+ specified directly as for @code{vwprintf}.
+ @end deftypefun
+@@ -2553,6 +2693,7 @@ specified directly as for @code{vwprintf}.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is the equivalent of @code{snprintf} with the variable argument list
+ specified directly as for @code{vprintf}.
+ @end deftypefun
+@@ -2560,6 +2701,7 @@ specified directly as for @code{vprintf}.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ The @code{vasprintf} function is the equivalent of @code{asprintf} with the
+ variable argument list specified directly as for @code{vprintf}.
+ @end deftypefun
+@@ -2567,6 +2709,10 @@ variable argument list specified directly as for @code{vprintf}.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
++@c The obstack is not guarded by mutexes, it might be at an inconsistent
++@c state within a signal handler, and it could be left at an
++@c inconsistent state in case of cancellation.
+ The @code{obstack_vprintf} function is the equivalent of
+ @code{obstack_printf} with the variable argument list specified directly
+ as for @code{vprintf}.@refill
+@@ -2639,6 +2785,7 @@ file @file{printf.h}.
+ @comment printf.h
+ @comment GNU
+ @deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
+ This function returns information about the number and types of
+ arguments expected by the @code{printf} template string @var{template}.
+ The information is stored in the array @var{argtypes}; each element of
+@@ -2879,6 +3026,12 @@ The function to register a new output conversion is
+ @comment printf.h
+ @comment GNU
+ @deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
++@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
++@c This function is guarded by the global non-recursive libc lock, but
++@c users of the variables it sets aren't, and those should be MT-Safe,
++@c so we're ruling out the use of this extension with threads. Calling
++@c it from a signal handler may self-deadlock, and cancellation may
++@c leave the lock held, besides leaking allocated memory.
+ This function defines the conversion specifier character @var{spec}.
+ Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
+ You can redefine the built-in conversions like @samp{%s}, but flag
+@@ -3125,6 +3278,12 @@ which implement a special way to print floating-point numbers.
+ @comment printf.h
+ @comment GNU
+ @deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
++@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
++@c This is meant to be called by vfprintf, that should hold the lock on
++@c the stream, but if this function is called directly, output will be
++@c racy, besides the uses of the global locale object while other
++@c threads may be changing it and the possbility of leaving the stream
++@c object in an inconsistent state in case of cancellation.
+ Print a given floating point number as for the format @code{%f} except
+ that there is a postfix character indicating the divisor for the
+ number to make this less than 1000. There are two possible divisors:
+@@ -3183,6 +3342,7 @@ provide the function which returns information about the arguments.
+ @comment printf.h
+ @comment GNU
+ @deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function will return in @var{argtypes} the information about the
+ used parameters in the way the @code{vfprintf} implementation expects
+ it. The format always takes one argument.
+@@ -3799,6 +3959,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int scanf (const char *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ The @code{scanf} function reads formatted input from the stream
+ @code{stdin} under the control of the template string @var{template}.
+ The optional arguments are pointers to the places which receive the
+@@ -3813,6 +3974,7 @@ template, then @code{EOF} is returned.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ The @code{wscanf} function reads formatted input from the stream
+ @code{stdin} under the control of the template string @var{template}.
+ The optional arguments are pointers to the places which receive the
+@@ -3827,6 +3989,7 @@ template, then @code{WEOF} is returned.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This function is just like @code{scanf}, except that the input is read
+ from the stream @var{stream} instead of @code{stdin}.
+ @end deftypefun
+@@ -3834,6 +3997,7 @@ from the stream @var{stream} instead of @code{stdin}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This function is just like @code{wscanf}, except that the input is read
+ from the stream @var{stream} instead of @code{stdin}.
+ @end deftypefun
+@@ -3841,6 +4005,7 @@ from the stream @var{stream} instead of @code{stdin}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is like @code{scanf}, except that the characters are taken from the
+ null-terminated string @var{s} instead of from a stream. Reaching the
+ end of the string is treated as an end-of-file condition.
+@@ -3854,6 +4019,7 @@ as an argument to receive a string read under control of the @samp{%s},
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is like @code{wscanf}, except that the characters are taken from the
+ null-terminated string @var{ws} instead of from a stream. Reaching the
+ end of the string is treated as an end-of-file condition.
+@@ -3880,6 +4046,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This function is similar to @code{scanf}, but instead of taking
+ a variable number of arguments directly, it takes an argument list
+ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
+@@ -3888,6 +4055,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This function is similar to @code{wscanf}, but instead of taking
+ a variable number of arguments directly, it takes an argument list
+ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
+@@ -3896,6 +4064,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This is the equivalent of @code{fscanf} with the variable argument list
+ specified directly as for @code{vscanf}.
+ @end deftypefun
+@@ -3903,6 +4072,7 @@ specified directly as for @code{vscanf}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+ This is the equivalent of @code{fwscanf} with the variable argument list
+ specified directly as for @code{vwscanf}.
+ @end deftypefun
+@@ -3910,6 +4080,7 @@ specified directly as for @code{vwscanf}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is the equivalent of @code{sscanf} with the variable argument list
+ specified directly as for @code{vscanf}.
+ @end deftypefun
+@@ -3917,6 +4088,7 @@ specified directly as for @code{vscanf}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
++@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
+ This is the equivalent of @code{swscanf} with the variable argument list
+ specified directly as for @code{vwscanf}.
+ @end deftypefun
+@@ -3966,6 +4138,7 @@ This symbol is declared in @file{wchar.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int feof (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+ The @code{feof} function returns nonzero if and only if the end-of-file
+ indicator for the stream @var{stream} is set.
+
+@@ -3975,6 +4148,9 @@ This symbol is declared in @file{stdio.h}.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int feof_unlocked (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c There isn't much of a thread unsafety risk in reading a flag word and
++@c testing a bit in it.
+ The @code{feof_unlocked} function is equivalent to the @code{feof}
+ function except that it does not implicitly lock the stream.
+
+@@ -3986,6 +4162,7 @@ This symbol is declared in @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int ferror (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+ The @code{ferror} function returns nonzero if and only if the error
+ indicator for the stream @var{stream} is set, indicating that an error
+ has occurred on a previous operation on the stream.
+@@ -3996,6 +4173,7 @@ This symbol is declared in @file{stdio.h}.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int ferror_unlocked (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{ferror_unlocked} function is equivalent to the @code{ferror}
+ function except that it does not implicitly lock the stream.
+
+@@ -4023,6 +4201,7 @@ function.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun void clearerr (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+ This function clears the end-of-file and error indicators for the
+ stream @var{stream}.
+
+@@ -4033,6 +4212,7 @@ end-of-file indicator for the stream.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun void clearerr_unlocked (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
+ The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
+ function except that it does not implicitly lock the stream.
+
+@@ -4146,6 +4326,7 @@ are declared in the header file @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {long int} ftell (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function returns the current file position of the stream
+ @var{stream}.
+
+@@ -4158,6 +4339,7 @@ possibly for other reasons as well. If a failure occurs, a value of
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun off_t ftello (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{ftello} function is similar to @code{ftell}, except that it
+ returns a value of type @code{off_t}. Systems which support this type
+ use it to describe all file positions, unlike the POSIX specification
+@@ -4181,6 +4363,7 @@ LFS interface transparently replaces the old interface.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun off64_t ftello64 (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function is similar to @code{ftello} with the only difference that
+ the return value is of type @code{off64_t}. This also requires that the
+ stream @var{stream} was opened using either @code{fopen64},
+@@ -4196,6 +4379,7 @@ and so transparently replaces the old interface.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{fseek} function is used to change the file position of the
+ stream @var{stream}. The value of @var{whence} must be one of the
+ constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
+@@ -4215,6 +4399,7 @@ place in the file.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function is similar to @code{fseek} but it corrects a problem with
+ @code{fseek} in a system with POSIX types. Using a value of type
+ @code{long int} for the offset is not compatible with POSIX.
+@@ -4238,6 +4423,7 @@ LFS interface transparently replaces the old interface.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function is similar to @code{fseeko} with the only difference that
+ the @var{offset} parameter is of type @code{off64_t}. This also
+ requires that the stream @var{stream} was opened using either
+@@ -4286,6 +4472,7 @@ the offset provided is relative to the end of the file.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun void rewind (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{rewind} function positions the stream @var{stream} at the
+ beginning of the file. It is equivalent to calling @code{fseek} or
+ @code{fseeko} on the @var{stream} with an @var{offset} argument of
+@@ -4407,6 +4594,7 @@ representation.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function stores the value of the file position indicator for the
+ stream @var{stream} in the @code{fpos_t} object pointed to by
+ @var{position}. If successful, @code{fgetpos} returns zero; otherwise
+@@ -4421,6 +4609,7 @@ interface transparently replaces the old interface.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function is similar to @code{fgetpos} but the file position is
+ returned in a variable of type @code{fpos64_t} to which @var{position}
+ points.
+@@ -4433,6 +4622,7 @@ and so transparently replaces the old interface.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function sets the file position indicator for the stream @var{stream}
+ to the position @var{position}, which must have been set by a previous
+ call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
+@@ -4449,6 +4639,7 @@ interface transparently replaces the old interface.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function is similar to @code{fsetpos} but the file position used
+ for positioning is provided in a variable of type @code{fpos64_t} to
+ which @var{position} points.
+@@ -4560,6 +4751,7 @@ If you want to flush the buffered output at another time, call
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fflush (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function causes any buffered output on @var{stream} to be delivered
+ to the file. If @var{stream} is a null pointer, then
+ @code{fflush} causes buffered output on @emph{all} open output streams
+@@ -4572,6 +4764,7 @@ otherwise.
+ @comment stdio.h
+ @comment POSIX
+ @deftypefun int fflush_unlocked (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{fflush_unlocked} function is equivalent to the @code{fflush}
+ function except that it does not implicitly lock the stream.
+ @end deftypefun
+@@ -4588,6 +4781,7 @@ exported.
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun void _flushlbf (void)
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ The @code{_flushlbf} function flushes all line buffered streams
+ currently opened.
+
+@@ -4609,6 +4803,7 @@ situation a non-standard function introduced in Solaris and available in
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun void __fpurge (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+ The @code{__fpurge} function causes the buffer of the stream
+ @var{stream} to be emptied. If the stream is currently in read mode all
+ input in the buffer is lost. If the stream is in output mode the
+@@ -4633,6 +4828,7 @@ file @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function is used to specify that the stream @var{stream} should
+ have the buffering mode @var{mode}, which can be either @code{_IOFBF}
+ (for full buffering), @code{_IOLBF} (for line buffering), or
+@@ -4710,6 +4906,7 @@ efficient size.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ If @var{buf} is a null pointer, the effect of this function is
+ equivalent to calling @code{setvbuf} with a @var{mode} argument of
+ @code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
+@@ -4723,6 +4920,7 @@ use @code{setvbuf} in all new programs.
+ @comment stdio.h
+ @comment BSD
+ @deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
+ Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
+ buffer. The @var{size} argument specifies the length of @var{buf}.
+@@ -4734,6 +4932,7 @@ This function is provided for compatibility with old BSD code. Use
+ @comment stdio.h
+ @comment BSD
+ @deftypefun void setlinebuf (FILE *@var{stream})
++@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+ This function makes @var{stream} be line buffered, and allocates the
+ buffer for you.
+
+@@ -4748,6 +4947,7 @@ using a non-standard function introduced in Solaris and available in
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun int __flbf (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{__flbf} function will return a nonzero value in case the
+ stream @var{stream} is line buffered. Otherwise the return value is
+ zero.
+@@ -4761,6 +4961,7 @@ much of it is used. These functions were also introduced in Solaris.
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun size_t __fbufsize (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
+ The @code{__fbufsize} function return the size of the buffer in the
+ stream @var{stream}. This value can be used to optimize the use of the
+ stream.
+@@ -4771,6 +4972,7 @@ This function is declared in the @file{stdio_ext.h} header.
+ @comment stdio_ext.h
+ @comment GNU
+ @deftypefun size_t __fpending (FILE *@var{stream})
++@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
+ The @code{__fpending}
+ function returns the number of bytes currently in the output buffer.
+ For wide-oriented stream the measuring unit is wide characters. This
+@@ -4818,6 +5020,10 @@ I/O to a string or memory buffer. These facilities are declared in
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
++@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
++@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
++@c bringing with it additional potential for async trouble with
++@c list_all_lock.
+ This function opens a stream that allows the access specified by the
+ @var{opentype} argument, that reads from or writes to the buffer specified
+ by the argument @var{buf}. This array must be at least @var{size} bytes long.
+@@ -4870,6 +5076,7 @@ Got r
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
++@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+ This function opens a stream for writing to a buffer. The buffer is
+ allocated dynamically and grown as necessary, using @code{malloc}.
+ After you've closed the stream, this buffer is your responsibility to
+@@ -4985,6 +5192,7 @@ closed.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
++@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+ This function actually creates the stream for communicating with the
+ @var{cookie} using the functions in the @var{io-functions} argument.
+ The @var{opentype} argument is interpreted as for @code{fopen};
+@@ -5166,6 +5374,7 @@ It is a non-recoverable error.
+ @comment fmtmsg.h
+ @comment XPG
+ @deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
+ Display a message described by its parameters on the device(s) specified
+ in the @var{classification} parameter. The @var{label} parameter
+ identifies the source of the message. The string should consist of two
+@@ -5306,6 +5515,7 @@ introducing new classes in a running program. One could use the
+ but this is toilsome.
+
+ @deftypefun int addseverity (int @var{severity}, const char *@var{string})
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
+ This function allows the introduction of new severity classes which can be
+ addressed by the @var{severity} parameter of the @code{fmtmsg} function.
+ The @var{severity} parameter of @code{addseverity} must match the value
diff --git a/patches/manual-document-mt-safety-wip.patch b/patches/manual-document-mt-safety-wip.patch
new file mode 100644
index 0000000..31af2c2
--- /dev/null
+++ b/patches/manual-document-mt-safety-wip.patch
@@ -0,0 +1,3477 @@
+Bottom: cd865dbc67422bb0360d4e2692cc5f7ec6aea252
+Top: 7e6a83a1413d637cd4076c377f2dc632dc928b39
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:48 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/???.texi: Document thread safety properties.
+
+
+---
+
+diff --git a/manual/argp.texi b/manual/argp.texi
+index c9fbe97..5322f91 100644
+--- a/manual/argp.texi
++++ b/manual/argp.texi
+@@ -36,6 +36,35 @@ needed in @code{main}.
+ @comment argp.h
+ @comment GNU
+ @deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
++@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
++@c Optionally alloca()tes standard help options, initializes the parser,
++@c then parses individual args in a loop, and then finalizes.
++@c parser_init
++@c calc_sizes ok
++@c option_is_end ok
++@c malloc
++@c parser_convert glocale
++@c convert_options glocale
++@c option_is_end ok
++@c option_is_short ok
++@c isprint, but locale may change within the loop
++@c find_long_option ok
++@c group_parse
++@c group->parser (from argp->parser)
++@c parser_parse_next
++@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
++@c parser_parse_arg
++@c group_parse
++@c parser_parse_opt
++@c group_parse
++@c argp_error
++@c dgettext (bad key error)
++@c parser_finalize
++@c group_parse
++@c fprintf
++@c dgettext
++@c arg_state_help
++@c free
+ The @code{argp_parse} function parses the arguments in @var{argv}, of
+ length @var{argc}, using the argp parser @var{argp}. @xref{Argp
+ Parsers}. Passing a null pointer for @var{argp} is the same as using
+@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_usage (const struct argp_state *@var{state})
++@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
++@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
+ Outputs the standard usage message for the argp parser referred to by
+ @var{state} to @code{@var{state}->err_stream} and terminate the program
+ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
+@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
++@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
++@c Lock stream, vasprintf the formatted message into a buffer, print the
++@c buffer prefixed by the short program name (in libc,
++@c argp_short_program_name is a macro that expands to
++@c program_invocation_short_name), releases the buffer, then call
++@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
++@c stream at the end.
+ Prints the printf format string @var{fmt} and following args, preceded
+ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
+ --help}} message, and terminates the program with an exit status of
+@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
++@c Lock stream, write out the short program name, vasprintf the optional
++@c formatted message to a buffer, print the buffer prefixed by colon and
++@c blank, release the buffer, call strerror_r with an automatic buffer,
++@c print it out after colon and blank, put[w]c a line break, unlock the
++@c stream, then exit unless ARGP_NO_EXIT.
+ Similar to the standard gnu error-reporting function @code{error}, this
+ prints the program name and @samp{:}, the printf format string
+ @var{fmt}, and the appropriate following args. If it is non-zero, the
+@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
++@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
++@c Just calls _help with the short program name and optionally exit.
++@c The main problems in _help, besides the usual issues with stream I/O
++@c and translation, are the use of a static buffer (uparams) that makes
++@c the whole thing thread-unsafe, reading from the environment for
++@c ARGP_HELP_FMT, accessing the locale object multiple times.
++
++@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c dgettext asi18n
++@c flockfile lockleak
++@c funlockfile lockleak
++@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
++@c argp_failure dup (status = errnum = 0)
++@c atoi dup
++@c argp_hol asmalloc, memleak
++@c make_hol asmalloc, memleak
++@c hol_add_cluster asmalloc, memleak
++@c hol_append asmalloc, memleak
++@c hol_set_group ok
++@c hol_find_entry ok
++@c hol_sort glocale, asmalloc, memleak
++@c qsort asmalloc, memleak
++@c hol_entry_qcmp glocale
++@c hol_entry_cmp glocale
++@c group_cmp ok
++@c hol_cluster_cmp ok
++@c group_cmp ok
++@c hol_entry_first_short glocale
++@c hol_entry_short_iterate [glocale]
++@c until_short ok
++@c oshort ok
++@c isprint ok
++@c odoc ok
++@c hol_entry_first_long ok
++@c canon_doc_option glocale
++@c tolower dup
++@c hol_usage glocale, asi18n, asmalloc, memleak
++@c hol_entry_short_iterate ok
++@c add_argless_short_opt ok
++@c argp_fmtstream_printf dup
++@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
++@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
++@c dgettext dup
++@c argp_fmtstream_printf dup
++@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
++@c usage_long_opt glocale, asi18n, asmalloc, memleak
++@c dgettext dup
++@c argp_fmtstream_printf dup
++@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_set_lmargin dup
++@c argp_fmtstream_wmargin dup
++@c argp_fmtstream_set_wmargin dup
++@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_putc dup
++@c hol_cluster_is_child ok
++@c argp_fmtstream_wmargin dup
++@c print_header dup
++@c argp_fmtstream_set_wmargin dup
++@c argp_fmtstream_puts dup
++@c indent_to dup
++@c argp_fmtstream_putc dup
++@c arg glocale, asmalloc, memleak
++@c argp_fmtstream_printf dup
++@c odoc dup
++@c argp_fmtstream_puts dup
++@c argp_fmtstream_printf dup
++@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c dgettext dup
++@c filter_doc dup
++@c argp_fmtstream_putc dup
++@c indent_to dup
++@c argp_fmtstream_set_lmargin dup
++@c argp_fmtstream_set_wmargin dup
++@c argp_fmtstream_puts dup
++@c free dup
++@c filter_doc dup
++@c argp_fmtstream_point dup
++@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_point dup
++@c argp_fmtstream_putc dup
++@c dgettext dup
++@c filter_doc dup
++@c argp_fmtstream_putc dup
++@c argp_fmtstream_puts dup
++@c free dup
++@c hol_free asmalloc, memleak
++@c free dup
++@c argp_args_levels ok
++@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
++@c dgettext dup
++@c filter_doc ok
++@c argp_input ok
++@c argp->help_filter
++@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_point dup
++@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
++@c argp_fmtstream_update dup
++@c argp_fmtstream_putc dup
++@c argp_fmtstream_write dup
++@c free dup
++@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
++@c dgettext asi18n
++@c strndup asmalloc, memleak
++@c argp_input dup
++@c argp->help_filter
++@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_ensure dup
++@c argp_fmtstream_write dup
++@c argp_fmtstream_puts dup
++@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
++@c argp_fmtstream_update dup
++@c argp_fmtstream_lmargin dup
++@c free dup
++@c argp_make_fmtstream asmalloc, memleak
++@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
++@c put[w]c_unlocked dup
++@c isblank in loop glocale
++@c fxprintf lockleak
++@c fxprintf lockleak
++@c free dup
++@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
++@c argp_fmtstream_update dup
++@c argp_fmtstream_printf glocale, asmalloc, memleak
++@c argp_fmtstream_ensure dup
++@c vsnprintf dup
++@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
++@c argp_fmtstream_update dup
++@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
++@c argp_fmtstream_update dup
++@c fxprintf lockleak
++@c realloc asmalloc, memleak
+ Outputs a help message for the argp parser referred to by @var{state},
+ to @var{stream}. The @var{flags} argument determines what sort of help
+ message is produced. @xref{Argp Help Flags}.
+@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
+ @comment argp.h
+ @comment GNU
+ @deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
++@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
++@c Just calls _help.
+ This outputs a help message for the argp parser @var{argp} to
+ @var{stream}. The type of messages printed will be determined by
+ @var{flags}.
+diff --git a/manual/arith.texi b/manual/arith.texi
+index 833e0c9..5c3aa9d 100644
+--- a/manual/arith.texi
++++ b/manual/arith.texi
+@@ -323,6 +323,7 @@ floating-point number a variable holds.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is a generic macro which works on all floating-point types and
+ which returns a value of type @code{int}. The possible values are:
+
+@@ -359,6 +360,7 @@ You should therefore use the specific macros whenever possible.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is finite: not plus or
+ minus infinity, and not NaN. It is equivalent to
+
+@@ -373,6 +375,7 @@ floating-point type.
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is finite and normalized.
+ It is equivalent to
+
+@@ -384,6 +387,7 @@ It is equivalent to
+ @comment math.h
+ @comment ISO
+ @deftypefn {Macro} int isnan (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is NaN. It is equivalent
+ to
+
+@@ -395,6 +399,7 @@ to
+ @comment math.h
+ @comment GNU
+ @deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value if @var{x} is a signaling NaN
+ (sNaN). It is based on draft TS 18661 and currently enabled as a GNU
+ extension.
+@@ -2443,6 +2448,32 @@ as well.
+ @safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+ @c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+ @c mpn, but it's all safe.
++@c
++@c round_and_return
++@c get_rounding_mode ok
++@c mpn_add_1 ok
++@c mpn_rshift ok
++@c MPN_ZERO ok
++@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
++@c str_to_mpn
++@c mpn_mul_1 -> umul_ppmm ok
++@c mpn_add_1 ok
++@c mpn_lshift_1 -> mpn_lshift ok
++@c STRTOF_INTERNAL
++@c MPN_VAR ok
++@c SET_MANTISSA ok
++@c STRNCASECMP ok, wide and narrow
++@c round_and_return ok
++@c mpn_mul ok
++@c mpn_addmul_1 ok
++@c ... mpn_sub
++@c mpn_lshift ok
++@c udiv_qrnnd ok
++@c count_leading_zeros ok
++@c add_ssaaaa ok
++@c sub_ddmmss ok
++@c umul_ppmm ok
++@c mpn_submul_1 ok
+ The @code{strtod} (``string-to-double'') function converts the initial
+ part of @var{string} to a floating-point number, which is returned as a
+ value of type @code{double}.
+diff --git a/manual/charset.texi b/manual/charset.texi
+index e21502e..7e6c416 100644
+--- a/manual/charset.texi
++++ b/manual/charset.texi
+@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int mbsinit (const mbstate_t *@var{ps})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c ps is dereferenced once, unguarded. Potential harmless data race.
+ The @code{mbsinit} function determines whether the state object pointed
+ to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
+ the object is in the initial state the return value is nonzero. Otherwise
+@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun wint_t btowc (int @var{c})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c Calls btowc_fct or __fct; reads from locale, and from the
++@c get_gconv_fcts result multiple times. get_gconv_fcts calls
++@c __wcsmbs_load_conv to initialize the ctype if it's null.
++@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
++@c memory for the fcts structure, initializing it, and then storing it
++@c in the locale object. The initialization involves dlopening and a
++@c lot more.
+ The @code{btowc} function (``byte to wide character'') converts a valid
+ single byte character @var{c} in the initial shift state into the wide
+ character equivalent using the conversion rules from the currently
+@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun int wctob (wint_t @var{c})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wctob} function (``wide character to byte'') takes as the
+ parameter a valid wide character. If the multibyte representation for
+ this character in the initial state is exactly one byte long, the return
+@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ @cindex stateful
+ The @code{mbrtowc} function (``multibyte restartable to wide
+ character'') converts the next multibyte character in the string pointed
+@@ -728,6 +740,7 @@ function that does part of the work.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mbrlen} function (``multibyte restartable length'') computes
+ the number of at most @var{n} bytes starting at @var{s}, which form the
+ next valid and complete multibyte character.
+@@ -811,6 +824,50 @@ doing the work twice.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c wcrtomb uses a static, non-thread-local unguarded state variable when
++@c PS is NULL. When a state is passed in, and it's not used
++@c concurrently in other threads, this function behaves safely as long
++@c as gconv modules don't bring MT safety issues of their own.
++@c Attempting to load gconv modules or to build conversion chains in
++@c signal handlers may encounter gconv databases or caches in a
++@c partially-updated state, and asynchronous cancellation may leave them
++@c in such states, besides leaking the lock that guards them.
++@c get_gconv_fcts ok
++@c wcsmbs_load_conv ok
++@c norm_add_slashes ok
++@c wcsmbs_getfct ok
++@c gconv_find_transform ok
++@c gconv_read_conf (libc_once)
++@c gconv_lookup_cache ok
++@c find_module_idx ok
++@c find_module ok
++@c gconv_find_shlib (ok)
++@c ->init_fct (assumed ok)
++@c gconv_get_builtin_trans ok
++@c gconv_release_step ok
++@c do_lookup_alias ok
++@c find_derivation ok
++@c derivation_lookup ok
++@c increment_counter ok
++@c gconv_find_shlib ok
++@c step->init_fct (assumed ok)
++@c gen_steps ok
++@c gconv_find_shlib ok
++@c dlopen (presumed ok)
++@c dlsym (presumed ok)
++@c step->init_fct (assumed ok)
++@c step->end_fct (assumed ok)
++@c gconv_get_builtin_trans ok
++@c gconv_release_step ok
++@c add_derivation ok
++@c gconv_close_transform ok
++@c gconv_release_step ok
++@c step->end_fct (assumed ok)
++@c gconv_release_shlib ok
++@c dlclose (presumed ok)
++@c gconv_release_cache ok
++@c ->tomb->__fct (assumed ok)
+ The @code{wcrtomb} function (``wide character restartable to
+ multibyte'') converts a single wide character into a multibyte string
+ corresponding to that wide character.
+@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mbsrtowcs} function (``multibyte string restartable to wide
+ character string'') converts an NUL-terminated multibyte character
+ string at @code{*@var{src}} into an equivalent wide character string,
+@@ -1039,6 +1097,7 @@ length and passing this length to the function.
+ @comment wchar.h
+ @comment ISO
+ @deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wcsrtombs} function (``wide character string restartable to
+ multibyte string'') converts the NUL-terminated wide character string at
+ @code{*@var{src}} into an equivalent multibyte character string and
+@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
+ @comment wchar.h
+ @comment GNU
+ @deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
+ function. All the parameters are the same except for @var{nmc}, which is
+ new. The return value is the same as for @code{mbsrtowcs}.
+@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
+ @comment wchar.h
+ @comment GNU
+ @deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
++@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wcsnrtombs} function implements the conversion from wide
+ character strings to multibyte character strings. It is similar to
+ @code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
+@@ -1280,6 +1341,7 @@ conversion functions.}
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mbtowc} (``multibyte to wide character'') function when called
+ with non-null @var{string} converts the first multibyte character
+ beginning at @var{string} to its corresponding wide character code. It
+@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wctomb} (``wide character to multibyte'') function converts
+ the wide character code @var{wchar} to its corresponding multibyte
+ character sequence, and stores the result in bytes starting at
+@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun int mblen (const char *@var{string}, size_t @var{size})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{mblen} function with a non-null @var{string} argument returns
+ the number of bytes that make up the multibyte character beginning at
+ @var{string}, never examining more than @var{size} bytes. (The idea is
+@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c Odd... Although this is in the non-reentrant section, the state
++@c object is automatic, not a static buffer.
+ The @code{mbstowcs} (``multibyte string to wide character string'')
+ function converts the null-terminated string of multibyte characters
+ @var{string} to an array of wide character codes, storing not more than
+@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+ The @code{wcstombs} (``wide character string to multibyte string'')
+ function converts the null-terminated wide character array @var{wstring}
+ into a string containing multibyte characters, storing not more than
+@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
+ @comment iconv.h
+ @comment XPG2
+ @deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
++@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
++@c strip and upstr on both, then gconv_open. strip and upstr call
++@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
++@c tokenize toset, replace unspecified codesets with the current locale
++@c (posibly two different accesses), and finally it calls
++@c gconv_find_transform and initializes the gconv_t result with all the
++@c steps in the conversion sequence, running each one's initializer,
++@c destructing and releasing them all if anything fails.
++
+ The @code{iconv_open} function has to be used before starting a
+ conversion. The two parameters this function takes determine the
+ source and destination character set for the conversion, and if the
+@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
+ @comment iconv.h
+ @comment XPG2
+ @deftypefun int iconv_close (iconv_t @var{cd})
++@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
++@c Calls gconv_close to destruct and release each of the conversion
++@c steps, release the gconv_t object, then call gconv_close_transform.
++@c Access to the gconv_t object is not guarded, but calling iconv_close
++@c concurrently with any other use is undefined.
++
+ The @code{iconv_close} function frees all resources associated with the
+ handle @var{cd}, which must have been returned by a successful call to
+ the @code{iconv_open} function.
+@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
+ @comment iconv.h
+ @comment XPG2
+ @deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
++@c Without guarding access to the gconv_t object pointed to by cd, call
++@c the conversion function to convert inbuf or flush the internal
++@c conversion state.
+ @cindex stateful
+ The @code{iconv} function converts the text in the input buffer
+ according to the rules associated with the descriptor @var{cd} and
+diff --git a/manual/conf.texi b/manual/conf.texi
+index 7eb8b36..edbb2fd 100644
+--- a/manual/conf.texi
++++ b/manual/conf.texi
+@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {long int} sysconf (int @var{parameter})
++@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
++@c Some parts of the implementation open /proc and /sys files and dirs
++@c to collect system details, using fd and stream I/O depending on the
++@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
++@c calls tzset_internal, that calls getenv if it's called the first
++@c time; there are free and strdup calls in there too. The returned max
++@c value may change over time for TZNAME_MAX, depending on selected
++@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
++@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
++@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
++@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
+ This function is used to inquire about runtime system parameters. The
+ @var{parameter} argument should be one of the @samp{_SC_} symbols listed
+ below.
+@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
++@c When __statfs_link_max finds an ext* filesystem, it may read
++@c /proc/mounts or similar as a mntent stream.
++@c __statfs_chown_restricted may read from
++@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
+ This function is used to inquire about the limits that apply to
+ the file named @var{filename}.
+
+@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
++@c Same caveats as pathconf.
+ This is just like @code{pathconf} except that an open file descriptor
+ is used to specify the file for which information is requested, instead
+ of a file name.
+@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
+ @comment unistd.h
+ @comment POSIX.2
+ @deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function reads the value of a string-valued system parameter,
+ storing the string into @var{len} bytes of memory space starting at
+ @var{buf}. The @var{parameter} argument should be one of the
+diff --git a/manual/crypt.texi b/manual/crypt.texi
+index ef90590..5c9f6f7 100644
+--- a/manual/crypt.texi
++++ b/manual/crypt.texi
+@@ -92,7 +92,13 @@ in a convenient way.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun {char *} getpass (const char *@var{prompt})
+-
++@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
++@c This function will attempt to create a stream for terminal I/O, but
++@c will fallback to stdio/stderr. It attempts to change the terminal
++@c mode in a thread-unsafe way, write out the prompt, read the password,
++@c then restore the terminal mode. It has a cleanup to close the stream
++@c in case of (synchronous) cancellation, but not to restore the
++@c terminal mode.
+ @code{getpass} outputs @var{prompt}, then reads a string in from the
+ terminal without echoing it. It tries to connect to the real terminal,
+ @file{/dev/tty}, if possible, to encourage users not to put plaintext
+@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
+ @comment crypt.h
+ @comment BSD, SVID
+ @deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
++@c Besides the obvious problem of returning a pointer into static
++@c storage, the DES initializer takes an internal lock with the usual
++@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
++@c NSS implementations of may leak file descriptors if canceled. The
++@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
++@c and NSS relies on dlopening, which brings about another can of worms.
+
+ The @code{crypt} function takes a password, @var{key}, as a string, and
+ a @var{salt} character array which is described below, and returns a
+@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
+ @comment crypt.h
+ @comment GNU
+ @deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
++@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
++@c Compared with crypt, this function fixes the staticbuf problem, but
++@c nothing else.
+
+ The @code{crypt_r} function does the same thing as @code{crypt}, but
+ takes an extra parameter which includes space for its result (among
+@@ -233,6 +249,11 @@ specifies the unused bits.
+ @comment crypt.h
+ @comment BSD, SVID
+ @deftypefun void setkey (const char *@var{key})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
++@c The static buffer stores the key, making it fundamentally
++@c thread-unsafe. The locking issues are only in the initialization
++@c path; cancelling the initialization will leave the lock held, it
++@c would otherwise repeat the initialization on the next call.
+
+ The @code{setkey} function sets an internal data structure to be an
+ expanded form of @var{key}. @var{key} is specified as an array of 64
+@@ -244,6 +265,8 @@ parity.
+ @comment crypt.h
+ @comment BSD, SVID
+ @deftypefun void encrypt (char *@var{block}, int @var{edflag})
++@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
++@c Same issues as setkey.
+
+ The @code{encrypt} function encrypts @var{block} if
+ @var{edflag} is 0, otherwise it decrypts @var{block}, using a key
+@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
+ @comment crypt.h
+ @comment GNU
+ @deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
++@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+ @comment crypt.h
+ @comment GNU
+ @deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
++@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+
+ These are reentrant versions of @code{setkey} and @code{encrypt}. The
+ only difference is the extra parameter, which stores the expanded
+@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
+ @comment rpc/des_crypt.h
+ @comment SUNRPC
+ @deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The function @code{ecb_crypt} encrypts or decrypts one or more blocks
+ using DES. Each block is encrypted independently.
+@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
+ @comment rpc/des_crypt.h
+ @comment SUNRPC
+ @deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The function @code{cbc_crypt} encrypts or decrypts one or more blocks
+ using DES in Cipher Block Chaining mode.
+@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
+ @comment rpc/des_crypt.h
+ @comment SUNRPC
+ @deftypefun void des_setparity (char *@var{key})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The function @code{des_setparity} changes the 64-bit @var{key}, stored
+ packed in 8-bit bytes, to have odd parity by altering the low bits of
+diff --git a/manual/ctype.texi b/manual/ctype.texi
+index f05d509..ddf38ce 100644
+--- a/manual/ctype.texi
++++ b/manual/ctype.texi
+@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int islower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The is* macros call __ctype_b_loc to get the ctype array from the
++@c current locale, and then index it by c. __ctype_b_loc reads from
++@c thread-local memory the (indirect) pointer to the ctype array, which
++@c may involve one word access to the global locale object, if that's
++@c the active locale for the thread, and the array, being part of the
++@c locale data, is undeletable, so there's no thread-safety issue.
+ Returns true if @var{c} is a lower-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+ @end deftypefun
+@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an upper-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+ @end deftypefun
+@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isalpha (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an alphabetic character (a letter). If
+ @code{islower} or @code{isupper} is true of a character, then
+ @code{isalpha} is also true.
+@@ -97,6 +106,7 @@ additional characters.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isdigit (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
+ @end deftypefun
+
+@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isalnum (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is an alphanumeric character (a letter or
+ number); in other words, if either @code{isalpha} or @code{isdigit} is
+ true of a character, then @code{isalnum} is also true.
+@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isxdigit (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a hexadecimal digit.
+ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @samp{9} and the letters @samp{A} through @samp{F} and
+@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int ispunct (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a punctuation character.
+ This means any printing character that is not alphanumeric or a space
+ character.
+@@ -132,6 +145,7 @@ character.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isspace (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a @dfn{whitespace} character. In the standard
+ @code{"C"} locale, @code{isspace} returns true for only the standard
+ whitespace characters:
+@@ -161,6 +175,7 @@ vertical tab
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isblank (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a blank character; that is, a space or a tab.
+ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ @end deftypefun
+@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isgraph (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a graphic character; that is, a character
+ that has a glyph associated with it. The whitespace characters are not
+ considered graphic.
+@@ -178,6 +194,7 @@ considered graphic.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int isprint (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a printing character. Printing characters
+ include all the graphic characters, plus the space (@samp{ }) character.
+ @end deftypefun
+@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int iscntrl (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a control character (that is, a character that
+ is not a printing character).
+ @end deftypefun
+@@ -194,6 +212,7 @@ is not a printing character).
+ @comment ctype.h
+ @comment SVID, BSD
+ @deftypefun int isascii (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
+ into the US/UK ASCII character set. This function is a BSD extension
+ and is also an SVID extension.
+@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int tolower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The to* macros/functions call different functions that use different
++@c arrays than those of__ctype_b_loc, but the access patterns and
++@c thus safety guarantees are the same.
+ If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
+ lower-case letter. If @var{c} is not an upper-case letter,
+ @var{c} is returned unchanged.
+@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int toupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
+ upper-case letter. Otherwise @var{c} is returned unchanged.
+ @end deftypefun
+@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
+ @comment ctype.h
+ @comment SVID, BSD
+ @deftypefun int toascii (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function converts @var{c} to a 7-bit @code{unsigned char} value
+ that fits into the US/UK ASCII character set, by clearing the high-order
+ bits. This function is a BSD extension and is also an SVID extension.
+@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
+ @comment ctype.h
+ @comment SVID
+ @deftypefun int _tolower (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is identical to @code{tolower}, and is provided for compatibility
+ with the SVID. @xref{SVID}.@refill
+ @end deftypefun
+@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
+ @comment ctype.h
+ @comment SVID
+ @deftypefun int _toupper (int @var{c})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is identical to @code{toupper}, and is provided for compatibility
+ with the SVID.
+ @end deftypefun
+@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wctype_t wctype (const char *@var{property})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Although the source code of wctype contains multiple references to
++@c the locale, that could each reference different locale_data objects
++@c should the global locale object change while active, the compiler can
++@c and does combine them all into a single dereference that resolves
++@c once to the LCTYPE locale object used throughout the function, so it
++@c is safe in practice, if not in theory. Ideally we'd explicitly save
++@c the resolved locale_data object to make it visibly safe instead of
++@c safe only under compiler optimizations.
+ The @code{wctype} returns a value representing a class of wide
+ characters which is identified by the string @var{property}. Beside
+ some standard properties each locale can define its own ones. In case
+@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The compressed lookup table returned by wctype is read-only.
+ This function returns a nonzero value if @var{wc} is in the character
+ class specified by @var{desc}. @var{desc} must previously be returned
+ by a successful call to @code{wctype}.
+@@ -350,6 +388,15 @@ standard classes.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswalnum (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c The implicit wctype call in the isw* functions is actually an
++@c optimized version because the category has a known offset, but the
++@c wctype is equally safe when optimized, unsafe if not optimized.
++@c Since it's not a macro, and we always optimize, it's fine. The test
++@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
++@c bring any other safety issues: the test does not depend on the
++@c locale, and each path after the decision resolves the locale object
++@c only once.
+ This function returns a nonzero value if @var{wc} is an alphanumeric
+ character (a letter or number); in other words, if either @code{iswalpha}
+ or @code{iswdigit} is true of a character, then @code{iswalnum} is also
+@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswalpha (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is an alphabetic character (a letter). If
+ @code{iswlower} or @code{iswupper} is true of a character, then
+ @code{iswalpha} is also true.
+@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswcntrl (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a control character (that is, a character that
+ is not a printing character).
+
+@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswdigit (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
+ Please note that this function does not only return a nonzero value for
+ @emph{decimal} digits, but for all kinds of digits. A consequence is
+@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswgraph (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a graphic character; that is, a character
+ that has a glyph associated with it. The whitespace characters are not
+ considered graphic.
+@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
+ @comment ctype.h
+ @comment ISO
+ @deftypefun int iswlower (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a lower-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+
+@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswprint (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a printing character. Printing characters
+ include all the graphic characters, plus the space (@samp{ }) character.
+
+@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswpunct (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a punctuation character.
+ This means any printing character that is not alphanumeric or a space
+ character.
+@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswspace (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
+ @code{"C"} locale, @code{iswspace} returns true for only the standard
+ whitespace characters:
+@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswupper (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is an upper-case letter. The letter need not be
+ from the Latin alphabet, any alphabet representable is valid.
+
+@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswxdigit (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a hexadecimal digit.
+ Hexadecimal digits include the normal decimal digits @samp{0} through
+ @samp{9} and the letters @samp{A} through @samp{F} and
+@@ -597,6 +654,7 @@ characters as well.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun int iswblank (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ Returns true if @var{wc} is a blank character; that is, a space or a tab.
+ This function was originally a GNU extension, but was added in @w{ISO C99}.
+ It is declared in @file{wchar.h}.
+@@ -691,7 +749,8 @@ This type is defined in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wctrans_t wctrans (const char *@var{property})
+-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Similar implementation, same caveats as wctype.
+ The @code{wctrans} function has to be used to find out whether a named
+ mapping is defined in the current locale selected for the
+ @code{LC_CTYPE} category. If the returned value is non-zero, you can use
+@@ -714,7 +773,8 @@ These functions are declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Same caveats as iswctype.
+ @code{towctrans} maps the input character @var{wc}
+ according to the rules of the mapping for which @var{desc} is a
+ descriptor, and returns the value it finds. @var{desc} must be
+@@ -732,6 +792,9 @@ for them.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towlower (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
++@c Same caveats as iswalnum, just using a wctrans rather than a wctype
++@c table.
+ If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
+ lower-case letter. If @var{wc} is not an upper-case letter,
+ @var{wc} is returned unchanged.
+@@ -751,6 +814,7 @@ This function is declared in @file{wctype.h}.
+ @comment wctype.h
+ @comment ISO
+ @deftypefun wint_t towupper (wint_t @var{wc})
++@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+ If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
+ upper-case letter. Otherwise @var{wc} is returned unchanged.
+
+diff --git a/manual/debug.texi b/manual/debug.texi
+index 1db9c18..ce0c263 100644
+--- a/manual/debug.texi
++++ b/manual/debug.texi
+@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
+ @comment execinfo.h
+ @comment GNU
+ @deftypefun int backtrace (void **@var{buffer}, int @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Pointer chasing within the local stack.
+ The @code{backtrace} function obtains a backtrace for the current
+ thread, as a list of pointers, and places the information into
+ @var{buffer}. The argument @var{size} should be the number of
+@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
+ @comment execinfo.h
+ @comment GNU
+ @deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
++@c Collects info returned by _dl_addr in auto array, allocates memory
++@c for the whole return buffer with malloc then sprintfs into it storing
++@c pointers to the strings into the array entries in the buffer.
++@c _dl_addr takes the recursive dl_load_lock then calls
++@c _dl_find_dso_for_object and determine_info.
++@c _dl_find_dso_for_object calls _dl-addr_inside_object.
++@c All of them are safe as long as the lock is held.
++@c asynconsist? It doesn't looke like the dynamic loader's data
++@c structures could be in an inconsistent state that would cause
++@c malfunction here.
+ The @code{backtrace_symbols} function translates the information
+ obtained from the @code{backtrace} function into an array of strings.
+ The argument @var{buffer} should be a pointer to an array of addresses
+@@ -88,6 +101,11 @@ cannot be obtained.
+ @comment execinfo.h
+ @comment GNU
+ @deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
++@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
++@c Single loop of _dl_addr over addresses, collecting info into an iovec
++@c written out with a writev call per iteration. Addresses and offsets
++@c are converted to hex in auto buffers, so the only potential issue
++@c here is leaking the dl lock in case of cancellation.
+ The @code{backtrace_symbols_fd} function performs the same translation
+ as the function @code{backtrace_symbols} function. Instead of returning
+ the strings to the caller, it writes the strings to the file descriptor
+diff --git a/manual/errno.texi b/manual/errno.texi
+index 6c9fa86..eb3f412 100644
+--- a/manual/errno.texi
++++ b/manual/errno.texi
+@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
+ @comment string.h
+ @comment ISO
+ @deftypefun {char *} strerror (int @var{errnum})
++@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
++@c Calls strerror_r with a static buffer allocated with malloc on the
++@c first use.
+ The @code{strerror} function maps the error code (@pxref{Checking for
+ Errors}) specified by the @var{errnum} argument to a descriptive error
+ message string. The return value is a pointer to this string.
+@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
+ @comment string.h
+ @comment GNU
+ @deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
++@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
+ The @code{strerror_r} function works like @code{strerror} but instead of
+ returning the error message in a statically allocated buffer shared by
+ all threads in the process, it returns a private copy for the
+@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
+ @comment stdio.h
+ @comment ISO
+ @deftypefun void perror (const char *@var{message})
++@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
++@c Besides strerror_r's and some of fprintf's issues, if stderr is not
++@c oriented yet, create a new stream with a dup of stderr's fd and write
++@c to that instead of stderr, to avoid orienting it.
+ This function prints an error message to the stream @code{stderr};
+ see @ref{Standard Streams}. The orientation of @code{stderr} is not
+ changed.
+@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
+ @comment error.h
+ @comment GNU
+ @deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
++@c Cancellation is disabled throught the execution. It flushes stdout
++@c and then holds a lock on stderr while printing the program name and
++@c then running error_tail. The non-wide case just runs vfprintf; the
++@c wide case converts the message to an alloca/malloc-allocated buffer
++@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
++@c print_errno_message calls strerror_r and fxprintf.
+ The @code{error} function can be used to report general problems during
+ program execution. The @var{format} argument is a format string just
+ like those given to the @code{printf} family of functions. The
+@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
+ @comment error.h
+ @comment GNU
+ @deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
++@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
++@c The error_one_per_line variable is accessed (without any form of
++@c synchronization, but since it's an int used once, it should be safe
++@c enough) and, if this mode is enabled, static variables used to hold
++@c the last printed file name and line number are accessed and modified
++@c without synchronization; the update is not atomic and it occurs
++@c before disabling cancellation, so it can be interrupted after only
++@c one of the two variables is modified. After that, it's very much
++@c like error.
+
+ The @code{error_at_line} function is very similar to the @code{error}
+ function. The only difference are the additional parameters @var{fname}
+@@ -1582,6 +1606,8 @@ are included only for compatibility.
+ @comment err.h
+ @comment BSD
+ @deftypefun void warn (const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
++@c Just calls vwarn with the va_list.
+ The @code{warn} function is roughly equivalent to a call like
+ @smallexample
+ error (0, errno, format, @r{the parameters})
+@@ -1594,6 +1620,11 @@ are not used.
+ @comment err.h
+ @comment BSD
+ @deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
++@c While holding stderr's recursive lock, it prints the programname, the
++@c given message, and the error string with fw?printf's %m. When the
++@c stream is wide, convert_and_print converts the format string to an
++@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
+ The @code{vwarn} function is just like @code{warn} except that the
+ parameters for the handling of the format string @var{format} are passed
+ in as an value of type @code{va_list}.
+@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
+ @comment err.h
+ @comment BSD
+ @deftypefun void warnx (const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
++@c Same as warn, but without the strerror translation issues.
+ The @code{warnx} function is roughly equivalent to a call like
+ @smallexample
+ error (0, 0, format, @r{the parameters})
+@@ -1615,6 +1648,8 @@ string is printed.
+ @comment err.h
+ @comment BSD
+ @deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
++@c Same as vwarn, but without the strerror translation issues.
+ The @code{vwarnx} function is just like @code{warnx} except that the
+ parameters for the handling of the format string @var{format} are passed
+ in as an value of type @code{va_list}.
+@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
+ @comment err.h
+ @comment BSD
+ @deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
++@c Same as warn followed by exit.
+ The @code{err} function is roughly equivalent to a call like
+ @smallexample
+ error (status, errno, format, @r{the parameters})
+@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
+ @comment err.h
+ @comment BSD
+ @deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
++@c Same as vwarn followed by exit.
+ The @code{verr} function is just like @code{err} except that the
+ parameters for the handling of the format string @var{format} are passed
+ in as an value of type @code{va_list}.
+@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
+ @comment err.h
+ @comment BSD
+ @deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
++@c Same as warnx followed by exit.
+ The @code{errx} function is roughly equivalent to a call like
+ @smallexample
+ error (status, 0, format, @r{the parameters})
+@@ -1657,6 +1698,8 @@ string is printed.
+ @comment err.h
+ @comment BSD
+ @deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
++@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
++@c Same as vwarnx followed by exit.
+ The @code{verrx} function is just like @code{errx} except that the
+ parameters for the handling of the format string @var{format} are passed
+ in as an value of type @code{va_list}.
+diff --git a/manual/filesys.texi b/manual/filesys.texi
+index 1df9cf2..2244025 100644
+--- a/manual/filesys.texi
++++ b/manual/filesys.texi
+@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c If buffer is NULL, this function calls malloc and realloc, and, in
++@c case of error, free. Linux offers a getcwd syscall that we use on
++@c GNU/Linux systems, but it may fail if the pathname is too long. As a
++@c fallback, and on other systems, the generic implementation opens each
++@c parent directory with opendir, which allocates memory for the
++@c directory stream with malloc. If a fstatat64 syscall is not
++@c available, very deep directory trees may also have to malloc to build
++@c longer sequences of ../../../... than those supported by a global
++@c const read-only string.
++
++@c linux/__getcwd
++@c posix/__getcwd
++@c malloc/realloc/free if buffer is NULL, or if dir is too deep
++@c lstat64 -> see its own entry
++@c fstatat64
++@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
++@c openat64_not_cancel_3, close_not_cancel_no_status
++@c __fdopendir, __opendir, __readdir, rewinddir
+ The @code{getcwd} function returns an absolute file name representing
+ the current working directory, storing it in the character array
+ @var{buffer} that you provide. The @var{size} argument is how you tell
+@@ -116,6 +135,9 @@ software.
+ @comment unistd.h
+ @comment BSD
+ @deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
++@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
++@c Besides the getcwd safety issues, it calls strerror_r on error, which
++@c brings in all of the i18n issues.
+ This is similar to @code{getcwd}, but has no way to specify the size of
+ the buffer. @Theglibc{} provides @code{getwd} only
+ for backwards compatibility with BSD.
+@@ -130,6 +152,9 @@ this function is deprecated.
+ @comment unistd.h
+ @comment GNU
+ @deftypefun {char *} get_current_dir_name (void)
++@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Besides getcwd, which this function calls as a fallback, it calls
++@c getenv, with the usual thread-safety issues that brings about.
+ @vindex PWD
+ This @code{get_current_dir_name} function is basically equivalent to
+ @w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
+@@ -145,6 +170,7 @@ This function is a GNU extension.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int chdir (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is used to set the process's working directory to
+ @var{filename}.
+
+@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
+ @comment unistd.h
+ @comment XPG
+ @deftypefun int fchdir (int @var{filedes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is used to set the process's working directory to
+ directory associated with the file descriptor @var{filedes}.
+
+@@ -294,12 +321,14 @@ values and @code{st_mode} values:
+ @comment dirent.h
+ @comment BSD
+ @deftypefun int IFTODT (mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This returns the @code{d_type} value corresponding to @var{mode}.
+ @end deftypefun
+
+ @comment dirent.h
+ @comment BSD
+ @deftypefun mode_t DTTOIF (int @var{dtype})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This returns the @code{st_mode} value corresponding to @var{dtype}.
+ @end deftypefun
+ @end table
+@@ -342,6 +371,9 @@ the following functions.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun {DIR *} opendir (const char *@var{dirname})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Besides the safe syscall, we have to allocate the DIR object with
++@c __alloc_dir, that calls malloc.
+ The @code{opendir} function opens and returns a directory stream for
+ reading the directory whose file name is @var{dirname}. The stream has
+ type @code{DIR *}.
+@@ -381,6 +413,8 @@ alternative interface can be used.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun {DIR *} fdopendir (int @var{fd})
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c The DIR object is allocated with __alloc_dir, that calls malloc.
+ The @code{fdopendir} function works just like @code{opendir} but
+ instead of taking a file name and opening a file descriptor for the
+ directory the caller is required to provide a file descriptor. This
+@@ -425,6 +459,7 @@ access.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int dirfd (DIR *@var{dirstream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The function @code{dirfd} returns the file descriptor associated with
+ the directory stream @var{dirstream}. This descriptor can be used until
+ the directory is closed with @code{closedir}. If the directory stream
+@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
++@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
++@c This function holds dirstream's non-recursive lock, which brings
++@c about the usual issues with locks and async signals and cancellation,
++@c but the lock taking is not enough to make the returned value safe to
++@c use, since it points to a stream's internal buffer that can be
++@c overwritten by subsequent calls or even released by closedir.
+ This function reads the next entry from the directory. It normally
+ returns a pointer to a structure containing information about the file.
+ This structure is statically allocated and can be rewritten by a
+@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ This function is the reentrant version of @code{readdir}. Like
+ @code{readdir} it returns the next entry from the directory. But to
+ prevent conflicts between simultaneously running threads the result is
+@@ -516,6 +558,7 @@ of the last two functions.
+ @comment dirent.h
+ @comment LFS
+ @deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
++@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{readdir64} function is just like the @code{readdir} function
+ except that it returns a pointer to a record of type @code{struct
+ dirent64}. Some of the members of this data type (notably @code{d_ino})
+@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
+ @comment dirent.h
+ @comment LFS
+ @deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{readdir64_r} function is equivalent to the @code{readdir_r}
+ function except that it takes parameters of base type @code{struct
+ dirent64} instead of @code{struct dirent} in the second and third
+@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun int closedir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
++@c No synchronization in the posix implementation, only in the hurd
++@c one. This is regarded as safe because it is undefined behavior if
++@c other threads could still be using the dir stream while it's closed.
+ This function closes the directory stream @var{dirstream}. It returns
+ @code{0} on success and @code{-1} on failure.
+
+@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
+ @comment dirent.h
+ @comment POSIX.1
+ @deftypefun void rewinddir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ The @code{rewinddir} function is used to reinitialize the directory
+ stream @var{dirstream}, so that if you call @code{readdir} it
+ returns information about the first entry in the directory again. This
+@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
+ @comment dirent.h
+ @comment BSD
+ @deftypefun {long int} telldir (DIR *@var{dirstream})
++@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
++@c The implementation is safe on most platforms, but on BSD it uses
++@c cookies, buckets and records, and the global array of pointers to
++@c dynamically allocated records is guarded by a non-recursive lock.
+ The @code{telldir} function returns the file position of the directory
+ stream @var{dirstream}. You can use this value with @code{seekdir} to
+ restore the directory stream to that position.
+@@ -597,6 +650,10 @@ restore the directory stream to that position.
+ @comment dirent.h
+ @comment BSD
+ @deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
++@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
++@c The implementation is safe on most platforms, but on BSD it uses
++@c cookies, buckets and records, and the global array of pointers to
++@c dynamically allocated records is guarded by a non-recursive lock.
+ The @code{seekdir} function sets the file position of the directory
+ stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
+ result of a previous call to @code{telldir} on this particular stream;
+@@ -616,6 +673,19 @@ the result.
+ @comment dirent.h
+ @comment BSD/SVID
+ @deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
++@c The scandir function calls __opendirat, __readdir, and __closedir to
++@c go over the named dir; malloc and realloc to allocate the namelist
++@c and copies of each selected dirent, besides the selector, if given,
++@c and qsort and the cmp functions if the latter is given. In spite of
++@c the cleanup handler that releases memory and the file descriptor in
++@c case of synchronous cancellation, an asynchronous cancellation may
++@c still leak memory and a file descriptor. Although readdir is unsafe
++@c in general, the use of an internal dir stream for sequential scanning
++@c of the directory with copying of dirents before subsequent calls
++@c makes the use safe, and the fact that the dir stream is private to
++@c each scandir call does away with the lock issues in readdir and
++@c closedir.
+
+ The @code{scandir} function scans the contents of the directory selected
+ by @var{dir}. The result in *@var{namelist} is an array of pointers to
+@@ -646,6 +716,8 @@ are very helpful for this purpose.
+ @comment dirent.h
+ @comment BSD/SVID
+ @deftypefun int alphasort (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@c Calls strcoll.
+ The @code{alphasort} function behaves like the @code{strcoll} function
+ (@pxref{String/Array Comparison}). The difference is that the arguments
+ are not string pointers but instead they are of type
+@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int versionsort (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@c Calls strverscmp.
+ The @code{versionsort} function is like @code{alphasort} except that it
+ uses the @code{strverscmp} function internally.
+ @end deftypefun
+@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
++@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
++@c See scandir.
+ The @code{scandir64} function works like the @code{scandir} function
+ except that the directory entries it returns are described by elements
+ of type @w{@code{struct dirent64}}. The function pointed to by
+@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@c See alphasort.
+ The @code{alphasort64} function behaves like the @code{strcoll} function
+ (@pxref{String/Array Comparison}). The difference is that the arguments
+ are not string pointers but instead they are of type
+@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
++@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@c See versionsort.
+ The @code{versionsort64} function is like @code{alphasort64}, excepted that it
+ uses the @code{strverscmp} function internally.
+ @end deftypefun
+@@ -880,6 +960,8 @@ file was passed).
+ @comment ftw.h
+ @comment SVID
+ @deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
++@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
++@c see nftw for safety details
+ The @code{ftw} function calls the callback function given in the
+ parameter @var{func} for every item which is found in the directory
+ specified by @var{filename} and all directories below. The function
+@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
+ @comment ftw.h
+ @comment Unix98
+ @deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
++@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+ This function is similar to @code{ftw} but it can work on filesystems
+ with large files. File information is reported using a variable of type
+ @code{struct stat64} which is passed by reference to the callback
+@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
+ @comment ftw.h
+ @comment XPG4.2
+ @deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
++@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
++@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
++@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
++@c if FTW_CHDIR, also calls fchdir
++@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
++@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
++@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
++@c find_object (tsearch) and add_object (tfind).
++@c Since each invocation of *ftw uses its own private search tree, none
++@c of the search tree concurrency issues apply.
+ The @code{nftw} function works like the @code{ftw} functions. They call
+ the callback function @var{func} for all items found in the directory
+ @var{filename} and below. At most @var{descriptors} file descriptors
+@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
+ @comment ftw.h
+ @comment Unix98
+ @deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
++@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+ This function is similar to @code{nftw} but it can work on filesystems
+ with large files. File information is reported using a variable of type
+ @code{struct stat64} which is passed by reference to the callback
+@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int link (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{link} function makes a new link to the existing file named by
+ @var{oldname}, under the new name @var{newname}.
+
+@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{symlink} function makes a symbolic link to @var{oldname} named
+ @var{newname}.
+
+@@ -1190,6 +1287,7 @@ exceeded.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{readlink} function gets the value of the symbolic link
+ @var{filename}. The file name that the link points to is copied into
+ @var{buffer}. This file name string is @emph{not} null-terminated;
+@@ -1249,6 +1347,8 @@ names can refer to the same inode.
+ @comment stdlib.h
+ @comment GNU
+ @deftypefun {char *} canonicalize_file_name (const char *@var{name})
++@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Calls realpath.
+
+ The @code{canonicalize_file_name} function returns the absolute name of
+ the file named by @var{name} which contains no @code{.}, @code{..}
+@@ -1290,6 +1390,8 @@ where the result is placed in.
+ @comment stdlib.h
+ @comment XPG
+ @deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
++@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
++@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
+
+ A call to @code{realpath} where the @var{resolved} parameter is
+ @code{NULL} behaves exactly like @code{canonicalize_file_name}. The
+@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int unlink (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{unlink} function deletes the file name @var{filename}. If
+ this is a file's sole name, the file itself is also deleted. (Actually,
+ if any process has the file open when this happens, deletion is
+@@ -1371,6 +1474,7 @@ file system and can't be modified.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int rmdir (const char *@var{filename})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ @cindex directories, deleting
+ @cindex deleting a directory
+ The @code{rmdir} function deletes a directory. The directory must be
+@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int remove (const char *@var{filename})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Calls unlink and rmdir.
+ This is the @w{ISO C} function to remove a file. It works like
+ @code{unlink} for files and like @code{rmdir} for directories.
+ @code{remove} is declared in @file{stdio.h}.
+@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a rename syscall, there's an emulation with link
++@c and unlink, but it's racy, even more so if newname exists and is
++@c unlinked first.
+ The @code{rename} function renames the file @var{oldname} to
+ @var{newname}. The file formerly accessible under the name
+ @var{oldname} is afterwards accessible as @var{newname} instead. (If
+@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{mkdir} function creates a new, empty directory with name
+ @var{filename}.
+
+@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{stat} function returns information about the attributes of the
+ file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
+
+@@ -1875,6 +1987,7 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{stat} but it is also able to work on
+ files larger then @math{2^31} bytes on 32-bit systems. To be able to do
+ this the result is stored in a variable of type @code{struct stat64} to
+@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fstat} function is like @code{stat}, except that it takes an
+ open file descriptor as an argument instead of a file name.
+ @xref{Low-Level I/O}.
+@@ -1909,6 +2023,7 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{fstat} but is able to work on large
+ files on 32-bit platforms. For large files the file descriptor
+ @var{filedes} should be obtained by @code{open64} or @code{creat64}.
+@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
+ replaces the interface for small files on 32-bit machines.
+ @end deftypefun
+
++@c fstatat will call alloca and snprintf if the syscall is not
++@c available.
++@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct system call through lxstat, sometimes with an xstat conv call
++@c afterwards.
+ The @code{lstat} function is like @code{stat}, except that it does not
+ follow symbolic links. If @var{filename} is the name of a symbolic
+ link, @code{lstat} returns information about the link itself; otherwise
+@@ -1936,6 +2058,9 @@ replaces the normal implementation.
+ @comment sys/stat.h
+ @comment Unix98
+ @deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct system call through lxstat64, sometimes with an xstat conv
++@c call afterwards.
+ This function is similar to @code{lstat} but it is also able to work on
+ files larger then @math{2^31} bytes on 32-bit systems. To be able to do
+ this the result is stored in a variable of type @code{struct stat64} to
+@@ -1974,12 +2099,14 @@ that file:
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISDIR (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a directory.
+ @end deftypefn
+
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISCHR (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a character special file (a
+ device like a terminal).
+ @end deftypefn
+@@ -1987,6 +2114,7 @@ device like a terminal).
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISBLK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a block special file (a device
+ like a disk).
+ @end deftypefn
+@@ -1994,12 +2122,14 @@ like a disk).
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISREG (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a regular file.
+ @end deftypefn
+
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_ISFIFO (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a FIFO special file, or a
+ pipe. @xref{Pipes and FIFOs}.
+ @end deftypefn
+@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefn Macro int S_ISLNK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a symbolic link.
+ @xref{Symbolic Links}.
+ @end deftypefn
+@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefn Macro int S_ISSOCK (mode_t @var{m})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns non-zero if the file is a socket. @xref{Sockets}.
+ @end deftypefn
+
+@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX message queues as distinct objects and the
+ file is a message queue object, this macro returns a non-zero value.
+ In all other cases the result is zero.
+@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX semaphores as distinct objects and the
+ file is a semaphore object, this macro returns a non-zero value.
+ In all other cases the result is zero.
+@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
+ @comment sys/stat.h
+ @comment POSIX
+ @deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ If the system implement POSIX shared memory objects as distinct objects
+ and the file is an shared memory object, this macro returns a non-zero
+ value. In all other cases the result is zero.
+@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{chown} function changes the owner of the file @var{filename} to
+ @var{owner}, and its group owner to @var{group}.
+
+@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is like @code{chown}, except that it changes the owner of the open
+ file with descriptor @var{filedes}.
+
+@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun mode_t umask (mode_t @var{mask})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{umask} function sets the file creation mask of the current
+ process to @var{mask}, and returns the previous value of the file
+ creation mask.
+@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
+ @comment sys/stat.h
+ @comment GNU
+ @deftypefun mode_t getumask (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ Return the current value of the file creation mask for the current
+ process. This function is a GNU extension and is only available on
+ @gnuhurdsystems{}.
+@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
+ @comment sys/stat.h
+ @comment POSIX.1
+ @deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{chmod} function sets the access permission bits for the file
+ named by @var{filename} to @var{mode}.
+
+@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This is like @code{chmod}, except that it changes the permissions of the
+ currently open file given by @var{filedes}.
+
+@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int access (const char *@var{filename}, int @var{how})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{access} function checks to see whether the file named by
+ @var{filename} can be accessed in the way specified by the @var{how}
+ argument. The @var{how} argument either can be the bitwise OR of the
+@@ -2732,6 +2874,9 @@ This is the modification time for the file.
+ @comment utime.h
+ @comment POSIX.1
+ @deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a utime syscall, it non-atomically converts times
++@c to a struct timeval and calls utimes.
+ This function is used to modify the file times associated with the file
+ named @var{filename}.
+
+@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c In the absence of a utimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall, or to
++@c struct utimbuf and calls utime.
+ This function sets the file access and modification times of the file
+ @var{filename}. The new file access time is specified by
+ @code{@var{tvp}[0]}, and the new modification time by
+@@ -2797,6 +2946,9 @@ function.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Since there's no lutimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall.
+ This function is like @code{utimes}, except that it does not follow
+ symbolic links. If @var{filename} is the name of a symbolic link,
+ @code{lutimes} sets the file access and modification times of the
+@@ -2813,6 +2965,10 @@ function.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Since there's no futimes syscall, it non-atomically converts tvp
++@c to struct timespec array and issues a utimensat syscall, falling back
++@c to utimes on a /proc/self/fd symlink.
+ This function is like @code{utimes}, except that it takes an open file
+ descriptor as an argument instead of a file name. @xref{Low-Level
+ I/O}. This function comes from FreeBSD, and is not available on all
+@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
+ @comment unistd.h
+ @comment X/Open
+ @deftypefun int truncate (const char *@var{filename}, off_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a truncate syscall, we use open and ftruncate.
+
+ The @code{truncate} function changes the size of @var{filename} to
+ @var{length}. If @var{length} is shorter than the previous length, data
+@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a syscall, try truncate if length fits.
+ This function is similar to the @code{truncate} function. The
+ difference is that the @var{length} argument is 64 bits wide even on 32
+ bits machines, which allows the handling of files with sizes up to
+@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
+ @comment unistd.h
+ @comment POSIX
+ @deftypefun int ftruncate (int @var{fd}, off_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ This is like @code{truncate}, but it works on a file descriptor @var{fd}
+ for an opened file instead of a file name to identify the object. The
+@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c In the absence of a syscall, try ftruncate if length fits.
+ This function is similar to the @code{ftruncate} function. The
+ difference is that the @var{length} argument is 64 bits wide even on 32
+ bits machines which allows the handling of files with sizes up to
+@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
+ @comment sys/stat.h
+ @comment BSD
+ @deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Instead of issuing the syscall directly, we go through xmknod.
++@c Although the internal xmknod takes a dev_t*, that could lead to
++@c xguargs races, it's passed a pointer to mknod's dev.
+ The @code{mknod} function makes a special file with name @var{filename}.
+ The @var{mode} specifies the mode of the file, and may include the various
+ special file bits, such as @code{S_IFCHR} (for a character special file)
+@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {FILE *} tmpfile (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
++@c The unsafety issues are those of fdopen, plus fdleak because of the
++@c open.
++@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
++@c libc_secure_genenv only if try_tmpdir
++@c xstat64, strlen, strcmp, sprintf
++@c __gen_tempname (internal tmpl, __GT_FILE) ok
++@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
++@c HP_TIMING_NOW if available ok
++@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
++@c static value is used and modified without synchronization ok
++@c but the use is as a source of non-cryptographic randomness
++@c with retries in case of collision, so it should be safe
++@c unlink, fdopen
+ This function creates a temporary binary file for update mode, as if by
+ calling @code{fopen} with mode @code{"wb+"}. The file is deleted
+ automatically when it is closed or when the program terminates. (On
+@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun {FILE *} tmpfile64 (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+ This function is similar to @code{tmpfile}, but the stream it returns a
+ pointer to was opened using @code{tmpfile64}. Therefore this stream can
+ be used for files larger then @math{2^31} bytes on 32-bit machines.
+@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {char *} tmpnam (char *@var{result})
++@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
++@c The passed-in buffer should not be modified concurrently with the
++@c call.
++@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
++@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+ This function constructs and returns a valid file name that does not
+ refer to any existing file. If the @var{result} argument is a null
+ pointer, the return value is a pointer to an internal static string,
+@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {char *} tmpnam_r (char *@var{result})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+ This function is nearly identical to the @code{tmpnam} function, except
+ that if @var{result} is a null pointer it returns a null pointer.
+
+@@ -3192,6 +3380,13 @@ never less than @code{25}.
+ @comment stdio.h
+ @comment SVID
+ @deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
++@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
++@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
++@c even with a non-NULL dir, which makes this thread-unsafe.
++@c
++@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
++@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
++@c strdup
+ This function generates a unique temporary file name. If @var{prefix}
+ is not a null pointer, up to five characters of this string are used as
+ a prefix for the file name. The return value is a string newly
+@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
+ @comment stdlib.h
+ @comment Unix
+ @deftypefun {char *} mktemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
++@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
+ The @code{mktemp} function generates a unique file name by modifying
+ @var{template} as described above. If successful, it returns
+ @var{template} as modified. If @code{mktemp} cannot find a unique file
+@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
+ @comment stdlib.h
+ @comment BSD
+ @deftypefun int mkstemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
++@c __gen_tempname (caller tmpl, __GT_FILE) ok
+ The @code{mkstemp} function generates a unique file name just as
+ @code{mktemp} does, but it also opens the file for you with @code{open}
+ (@pxref{Opening and Closing Files}). If successful, it modifies
+@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
+ @comment stdlib.h
+ @comment BSD
+ @deftypefun {char *} mkdtemp (char *@var{template})
++@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
++@c __gen_tempname (caller tmpl, __GT_DIR) ok
+ The @code{mkdtemp} function creates a directory with a unique name. If
+ it succeeds, it overwrites @var{template} with the name of the
+ directory, and returns @var{template}. As with @code{mktemp} and
+@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
+ @xref{Creating Directories}.
+
+ The @code{mkdtemp} function comes from OpenBSD.
++
++@c FIXME these are undocumented:
++@c faccessat
++@c fchmodat
++@c fchownat
++@c futimesat
++@c fstatat
++@c linkat
++@c mkdirat
++@c mkfifoat
++@c name_to_handle_at
++@c openat
++@c open_by_handle_at
++@c readlinkat
++@c renameat
++@c scandirat
++@c symlinkat
++@c unlinkat
++@c utimensat
++@c mknodat
+diff --git a/manual/getopt.texi b/manual/getopt.texi
+index f0b7283..3c1f4de 100644
+--- a/manual/getopt.texi
++++ b/manual/getopt.texi
+@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
+ @comment unistd.h
+ @comment POSIX.2
+ @deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
++@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
++@c It may swap argv elements but argv is not guarded, and the
++@c modifications may be partial in case of cancellation. Calling getenv
++@c also brings about thread-safety issues out of access and returning
++@c pointers into the globally shared environment array, just like
++@c calling gettext brings about a whole lot of AS and AC safety issues.
++@c The getopt API involves returning values in the non-thread-specific
++@c optarg variable, which adds another thread-safety issue. Given
++@c print_errors, it may output errors to stderr, which may
++@c self-deadlock, leak locks, or encounter (in a signal handler) or
++@c leave (in case of cancellation) stderr in an inconsistent state.
++@c Various implicit, indirect uses of malloc, in uses of memstream and
++@c asprintf for error-printing, bring about the usual malloc issues.
++@c (The explicit use of malloc in a conditional situation in
++@c _getopt_initialize is never exercised in glibc.)
++@c
++@c _getopt_internal
++@c _getopt_internal_r
++@c gettext
++@c _getopt_initialize
++@c getenv
++@c malloc if USE_NONOPTION_FLAGS, never defined in libc
++@c open_memstream
++@c lockfile, unlockfile, __fxprintf -> stderr
++@c asprintf
+ The @code{getopt} function gets the next option argument from the
+ argument list specified by the @var{argv} and @var{argc} arguments.
+ Normally these values come directly from the arguments received by
+@@ -225,6 +250,8 @@ was seen.
+ @comment getopt.h
+ @comment GNU
+ @deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
++@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
++@c Same issues as getopt.
+ Decode options from the vector @var{argv} (whose length is @var{argc}).
+ The argument @var{shortopts} describes the short options to accept, just as
+ it does in @code{getopt}. The argument @var{longopts} describes the long
+@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
+ @comment getopt.h
+ @comment GNU
+ @deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
++@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
++@c Same issues as getopt.
+
+ The @code{getopt_long_only} function is equivalent to the
+ @code{getopt_long} function but it allows to specify the user of the
+diff --git a/manual/intro.texi b/manual/intro.texi
+index 2630a77..e47832c 100644
+--- a/manual/intro.texi
++++ b/manual/intro.texi
+@@ -262,6 +262,28 @@ if the effective thread-local locale is not the global locale object
+ @code{setlocale} should not be called while these functions are active.
+
+
++@item @code{envromt}
++@cindex envromt
++
++Functions marked with @code{envromt} access the environment with
++@code{getenv} or similar, requiring the environment to be effectively
++read-only for MT-Safe operation.
++
++Environment-modifying functions do not protect in any way against
++concurrent modifications or access, so calling @code{envromt}-marked
++functions concurrently with @code{setenv}, @code{putenv},
++@code{unsetenv} or direct modifications of the global environment data
++structures is ill-advised; external concurrency control must be
++introduced by callers of these environment-modifying and
++@code{envromt}-marked functions.
++
++Functions that modify the environment are also marked with
++@code{envromt}, but they are not MT-Safe for the reasons above. Since
++all environment-modifying functions are MT-Unsafe, functions that only
++access the environment are marked as MT-Safe when no other safety issue
++applies.
++
++
+ @item @code{uunguard}
+ @cindex uunguard
+
+@@ -291,6 +313,42 @@ AS-Safe behavior, callers must ensure that the objects passed in are not
+ modified concurrently by other threads or signal handlers.
+
+
++@item @code{tempchwd}
++@cindex tempchwd
++
++Functions marked with @code{tempchwd} may temporarily change the current
++working directory during their execution, which may cause relative
++pathnames to be resolved in unexpected ways in other threads or within
++asynchronous signal or cancellation handlers.
++
++This is not enough of a reason to mark so-marked functions as MT-Unsafe,
++but when this behavior is optional (e.g., @code{nftw} with
++@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
++a good alternative to using full pathnames or file descriptor-relative
++(e.g. @code{openat}) system calls.
++
++
++@item @code{tempterm}
++@cindex tempterm
++
++Functions marked with @code{tempterm} may temporarily change the
++terminal settings.
++
++This would not be enough of a reason to mark so-marked functions as
++MT-Unsafe, but the recommended mode to modify terminal settings is to
++call @code{tcgetattr}, modify some flags, and then call
++@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
++they leave a window in which changes made by other threads are lost.
++
++It is thus advisable for applications using the terminal to avoid
++concurrent interactions with it, more so if they expect different
++terminal modes.
++
++If this mark appears as an AC-Safety note, it means the function may
++also fail to restore the original terminal mode in case of asynchronous
++cancellation.
++
++
+ @end itemize
+
+
+@@ -305,11 +363,37 @@ as follows:
+
+ Functions annotated with @code{staticbuf} use internal static buffers or
+ variables in ways that may cause concurrent calls to interfere
+-destructively.
++destructively.
+
+ These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+ offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
++In many of these cases, the static buffer is only used to hold a return
++value; in a few of these, such as @code{tmpnam}, the use of the internal
++buffer can be avoided by passing the buffer as an argument, which makes
++the call MT-Safe and AS-Safe.
++
++
++@item @code{asi18n}
++@cindex asi18n
++
++Functions marked with @code{asi18n} use internationalization functions
++(@code{gettext}), which brings in a number of dependencies and issues
++yet to be documented.
++
++
++@item @code{shlimb}
++@cindex shlimb
++
++Functions marked with @code{shlimb} use the dynamic loader to bring in
++additional code modules. This involves opening files, mapping them into
++memory, allocating additional memory, resolving symbols, applying
++relocations and more, all of this while holding the dynamic loader
++lock.
++
++The non-recursive lock itself is enough for the function to be AS- and
++AC-Unsafe, but many other issues may arise.
++
+
+ @item @code{fdleak}
+ @cindex fdleak
+@@ -390,9 +474,8 @@ For the reasons above, functions that leak locks are all AC-Unsafe.
+ Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ ensure MT-Safety while modifying data structures guarded by the lock.
+
+-If such a function is interrupted by a signal while holding the lock,
+-and the signal handler calls any function that takes the same
+-non-recursive lock, the result is a deadlock.
++If such a function is called by a signal handler that interrupted
++another such function that took the lock, the result is a deadlock.
+
+ Blocking asynchronous signal delivery while calling such functions is
+ the only safe way to avoid a deadlock if any signal handler might need
+@@ -406,10 +489,9 @@ Functions marked with @code{asynconsist} take a recursive lock to ensure
+ MT-Safety while accessing or modifying data structures guarded by the
+ lock.
+
+-If such a function is interrupted by a signal while holding the lock,
+-and the signal handler calls any function that takes the same
+-non-recursive lock, the latter function may observe a partially updated,
+-inconsistent data structure, and misbehave.
++If such a function is called by a signal handler that interrupted
++another such function that took the lock, both may misbehave for
++observing inconsistent (partially updated or cached) data structures.
+
+ Blocking asynchronous signal delivery while calling such functions is
+ the only safe way to avoid the misbehavior that may ensue if any signal
+@@ -444,6 +526,21 @@ Disabling asynchronous cancelation while calling such functions is the
+ only safe way to avoid the misbehavior that may ensure if the thread is
+ canceled while the function is running.
+
++@c A special case, probably not worth documenting separately, involves
++@c reallocing, or even freeing pointers. Any case involving free could
++@c be easily turned into an ac-safe memleak by resetting the pointer
++@c before releasing it; I don't think we have any case that calls for
++@c this sort of fixing. Fixing the realloc cases would require a new
++@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
++@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
++@c before releasing the old memory. The ac-unsafe realloc could be
++@c implemented in terms of an internal interface with this semantics
++@c (say __acsafe_realloc), but since realloc can be overridden, the
++@c function we call to implement realloc should not be this internal
++@c interface, but another internal interface that calls __acsafe_realloc
++@c if realloc was not overridden, and calls the overridden realloc with
++@c async cancel disabled. --lxoliva
++
+
+ @item @code{simfpu}
+ @cindex simfpu
+diff --git a/manual/job.texi b/manual/job.texi
+index 4efeed3..779ea96 100644
+--- a/manual/job.texi
++++ b/manual/job.texi
+@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
+ @comment stdio.h
+ @comment POSIX.1
+ @deftypefun {char *} ctermid (char *@var{string})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This function is a stub by default; the actual implementation, for
++@c posix systems, returns an internal buffer if passed a NULL string,
++@c but the internal buffer is always set to /dev/tty.
+ The @code{ctermid} function returns a string containing the file name of
+ the controlling terminal for the current process. If @var{string} is
+ not a null pointer, it should be an array that can hold at least
+@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun pid_t setsid (void)
++@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
++@c This is usually a direct syscall, but if a syscall is not available,
++@c we use a stub, or Hurd- and BSD-specific implementations. The former
++@c uses a mutex and a hurd critical section, and the latter issues a few
++@c syscalls, so both seem safe, except for the locking on Hurd.
+ The @code{setsid} function creates a new session. The calling process
+ becomes the session leader, and is put in a new process group whose
+ process group ID is the same as the process ID of that process. There
+@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
+ @comment unistd.h
+ @comment SVID
+ @deftypefun pid_t getsid (pid_t @var{pid})
+-
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub or direct syscall, except on hurd, where it is equally safe.
+ The @code{getsid} function returns the process group ID of the session
+ leader of the specified process. If a @var{pid} is @code{0}, the
+ process group ID of the session leader of the current process is
+@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefn {POSIX.1 Function} pid_t getpgrp (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Wrapper for getpgid.
+ The POSIX.1 definition of @code{getpgrp} returns the process group ID of
+ the calling process.
+ @end deftypefn
+@@ -1141,6 +1153,8 @@ the calling process.
+ @comment unistd.h
+ @comment BSD
+ @deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Wrapper for getpgid.
+ The BSD definition of @code{getpgrp} returns the process group ID of the
+ process @var{pid}. You can supply a value of @code{0} for the @var{pid}
+ argument to get information about the calling process.
+@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
+ @comment unistd.h
+ @comment SVID
+ @deftypefn {System V Function} int getpgid (pid_t @var{pid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub or direct syscall, except on hurd, where it is equally safe.
+
+ @code{getpgid} is the same as the BSD function @code{getpgrp}. It
+ returns the process group ID of the process @var{pid}. You can supply a
+@@ -1171,6 +1187,8 @@ process.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub or direct syscall, except on hurd, where it is equally safe.
+ The @code{setpgid} function puts the process @var{pid} into the process
+ group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
+ be zero to indicate the process ID of the calling process.
+@@ -1208,6 +1226,8 @@ process or a child of the calling process.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct syscall or setpgid wrapper.
+ This is the BSD Unix name for @code{setpgid}. Both functions do exactly
+ the same thing.
+ @end deftypefun
+@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun pid_t tcgetpgrp (int @var{filedes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub, or ioctl on BSD and GNU/Linux.
+ This function returns the process group ID of the foreground process
+ group associated with the terminal open on descriptor @var{filedes}.
+
+@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Stub, or ioctl on BSD and GNU/Linux.
+ This function is used to set a terminal's foreground process group ID.
+ The argument @var{filedes} is a descriptor which specifies the terminal;
+ @var{pgid} specifies the process group. The calling process must be a
+@@ -1297,6 +1321,8 @@ process.
+ @comment termios.h
+ @comment Unix98
+ @deftypefun pid_t tcgetsid (int @var{fildes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
+ This function is used to obtain the process group ID of the session
+ for which the terminal specified by @var{fildes} is the controlling terminal.
+ If the call is successful the group ID is returned. Otherwise the
+diff --git a/manual/lang.texi b/manual/lang.texi
+index ee04e23..d6cd90c 100644
+--- a/manual/lang.texi
++++ b/manual/lang.texi
+@@ -51,6 +51,8 @@ without indicating anything might be wrong.
+ @comment assert.h
+ @comment ISO
+ @deftypefn Macro void assert (int @var{expression})
++@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
++@c assert_fail_base calls asprintf, and fflushes stderr.
+ Verify the programmer's belief that @var{expression} is nonzero at
+ this point in the program.
+
+@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
+ @comment assert.h
+ @comment GNU
+ @deftypefn Macro void assert_perror (int @var{errnum})
++@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
++@c assert_fail_base calls asprintf, and fflushes stderr.
+ Similar to @code{assert}, but verifies that @var{errnum} is zero.
+
+ If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
+@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
+ @comment stdarg.h
+ @comment ISO
+ @deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ This macro initializes the argument pointer variable @var{ap} to point
+ to the first of the optional arguments of the current function;
+ @var{last-required} must be the last required argument to the function.
+@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
+ @comment stdarg.h
+ @comment ISO
+ @deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ The @code{va_arg} macro returns the value of the next optional argument,
+ and modifies the value of @var{ap} to point to the subsequent argument.
+ Thus, successive uses of @code{va_arg} return successive optional
+@@ -445,6 +453,8 @@ of the actual argument.
+ @comment stdarg.h
+ @comment ISO
+ @deftypefn {Macro} void va_end (va_list @var{ap})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ This ends the use of @var{ap}. After a @code{va_end} call, further
+ @code{va_arg} calls with the same @var{ap} may not work. You should invoke
+ @code{va_end} before returning from the function in which @code{va_start}
+@@ -466,6 +476,8 @@ of the same type.
+ @comment ISO
+ @deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
+ @deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ The @code{va_copy} macro allows copying of objects of type
+ @code{va_list} even if this is not an integral type. The argument pointer
+ in @var{dest} is initialized to point to the same argument as the
+@@ -1212,6 +1224,8 @@ type of a particular structure member.
+ @comment stddef.h
+ @comment ISO
+ @deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is no longer provided by glibc, but rather by the compiler.
+ This expands to a integer constant expression that is the offset of the
+ structure member named @var{member} in the structure type @var{type}.
+ For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
+diff --git a/manual/libdl.texi b/manual/libdl.texi
+new file mode 100644
+index 0000000..e3fe045
+--- /dev/null
++++ b/manual/libdl.texi
+@@ -0,0 +1,10 @@
++@c FIXME these are undocumented:
++@c dladdr
++@c dladdr1
++@c dlclose
++@c dlerror
++@c dlinfo
++@c dlmopen
++@c dlopen
++@c dlsym
++@c dlvsym
+diff --git a/manual/llio.texi b/manual/llio.texi
+index b129cf4..66370c4 100644
+--- a/manual/llio.texi
++++ b/manual/llio.texi
+@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
+ @comment fcntl.h
+ @comment POSIX.1
+ @deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ The @code{open} function creates and returns a new file descriptor for
+ the file named by @var{filename}. Initially, the file position
+ indicator for the file is at the beginning of the file. The argument
+@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
+ @comment fcntl.h
+ @comment Unix98
+ @deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ This function is similar to @code{open}. It returns a file descriptor
+ which can be used to access the file named by @var{filename}. The only
+ difference is that on 32 bit systems the file is opened in the
+@@ -178,6 +180,7 @@ replaces the old API.
+ @comment fcntl.h
+ @comment POSIX.1
+ @deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ This function is obsolete. The call:
+
+ @smallexample
+@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
+ @comment fcntl.h
+ @comment Unix98
+ @deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ This function is similar to @code{creat}. It returns a file descriptor
+ which can be used to access the file named by @var{filename}. The only
+ the difference is that on 32 bit systems the file is opened in the
+@@ -219,6 +223,7 @@ replaces the old API.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int close (int @var{filedes})
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+ The function @code{close} closes the file descriptor @var{filedes}.
+ Closing a file has the following consequences:
+
+@@ -300,6 +305,7 @@ but must be a signed type.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{read} function reads up to @var{size} bytes from the file
+ with descriptor @var{filedes}, storing the results in the @var{buffer}.
+ (This is not necessarily a character string, and no terminating null
+@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is usually a safe syscall. The sysdeps/posix fallback emulation
++@c is not MT-Safe because it uses lseek, read and lseek back, but is it
++@c used anywhere?
+ The @code{pread} function is similar to the @code{read} function. The
+ first three arguments are identical, and the return values and error
+ codes also correspond.
+@@ -430,6 +440,10 @@ version 2.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is usually a safe syscall. The sysdeps/posix fallback emulation
++@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
++@c it used anywhere?
+ This function is similar to the @code{pread} function. The difference
+ is that the @var{offset} parameter is of type @code{off64_t} instead of
+ @code{off_t} which makes it possible on 32 bit machines to address
+@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{write} function writes up to @var{size} bytes from
+ @var{buffer} to the file with descriptor @var{filedes}. The data in
+ @var{buffer} is not necessarily a character string and a null character is
+@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is usually a safe syscall. The sysdeps/posix fallback emulation
++@c is not MT-Safe because it uses lseek, write and lseek back, but is it
++@c used anywhere?
+ The @code{pwrite} function is similar to the @code{write} function. The
+ first three arguments are identical, and the return values and error codes
+ also correspond.
+@@ -592,6 +611,10 @@ version 2.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c This is usually a safe syscall. The sysdeps/posix fallback emulation
++@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
++@c is it used anywhere?
+ This function is similar to the @code{pwrite} function. The difference
+ is that the @var{offset} parameter is of type @code{off64_t} instead of
+ @code{off_t} which makes it possible on 32 bit machines to address
+@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{lseek} function is used to change the file position of the
+ file with descriptor @var{filedes}.
+
+@@ -713,6 +737,7 @@ descriptors.
+ @comment unistd.h
+ @comment Unix98
+ @deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to the @code{lseek} function. The difference
+ is that the @var{offset} parameter is of type @code{off64_t} instead of
+ @code{off_t} which makes it possible on 32 bit machines to address
+@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
+ @comment stdio.h
+ @comment POSIX.1
+ @deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+ The @code{fdopen} function returns a new stream for the file descriptor
+ @var{filedes}.
+
+@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
+ @comment stdio.h
+ @comment POSIX.1
+ @deftypefun int fileno (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function returns the file descriptor associated with the stream
+ @var{stream}. If an error is detected (for example, if the @var{stream}
+ is not valid) or if @var{stream} does not do I/O to a file,
+@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
+ @comment stdio.h
+ @comment GNU
+ @deftypefun int fileno_unlocked (FILE *@var{stream})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fileno_unlocked} function is equivalent to the @code{fileno}
+ function except that it does not implicitly lock the stream if the state
+ is @code{FSETLOCKING_INTERNAL}.
+@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
+ @comment sys/uio.h
+ @comment BSD
+ @deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+-
++@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++@c The fallback sysdeps/posix implementation, used even on GNU/Linux
++@c with old kernels that lack a full readv/writev implementation, may
++@c malloc the buffer into which data is read, if the total read size is
++@c too large for alloca.
+ The @code{readv} function reads data from @var{filedes} and scatters it
+ into the buffers described in @var{vector}, which is taken to be
+ @var{count} structures long. As each buffer is filled, data is sent to the
+@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
+ @comment sys/uio.h
+ @comment BSD
+ @deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
++@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++@c The fallback sysdeps/posix implementation, used even on GNU/Linux
++@c with old kernels that lack a full readv/writev implementation, may
++@c malloc the buffer from which data is written, if the total write size
++@c is too large for alloca.
+
+ The @code{writev} function gathers data from the buffers described in
+ @var{vector}, which is taken to be @var{count} structures long, and writes
+@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
+ @comment sys/mman.h
+ @comment POSIX
+ @deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The @code{mmap} function creates a new mapping, connected to bytes
+ (@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
+@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
+ @comment sys/mman.h
+ @comment LFS
+ @deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
++@c is) would be thread-unsafe.
+ The @code{mmap64} function is equivalent to the @code{mmap} function but
+ the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
+ this allows the file associated with the @var{filedes} descriptor to be
+@@ -1284,6 +1325,7 @@ replaces the old API.
+ @comment sys/mman.h
+ @comment POSIX
+ @deftypefun int munmap (void *@var{addr}, size_t @var{length})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ @code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
+ @var{length}). @var{length} should be the length of the mapping.
+@@ -1310,6 +1352,7 @@ aligned.
+ @comment sys/mman.h
+ @comment POSIX
+ @deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ When using shared mappings, the kernel can write the file at any time
+ before the mapping is removed. To be certain data has actually been
+@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
+ @comment sys/mman.h
+ @comment GNU
+ @deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ This function can be used to change the size of an existing memory
+ area. @var{address} and @var{length} must cover a region entirely mapped
+@@ -1405,6 +1449,7 @@ Coding Standards}.
+ @comment sys/mman.h
+ @comment POSIX
+ @deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ This function can be used to provide the system with @var{advice} about
+ the intended usage patterns of the memory region starting at @var{addr}
+@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefn Macro void FD_ZERO (fd_set *@var{set})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro initializes the file descriptor set @var{set} to be the
+ empty set.
+ @end deftypefn
+@@ -1538,6 +1584,9 @@ empty set.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Setting a bit isn't necessarily atomic, so there's a potential race
++@c here if set is not used exclusively.
+ This macro adds @var{filedes} to the file descriptor set @var{set}.
+
+ The @var{filedes} parameter must not have side effects since it is
+@@ -1547,6 +1596,9 @@ evaluated more than once.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Setting a bit isn't necessarily atomic, so there's a potential race
++@c here if set is not used exclusively.
+ This macro removes @var{filedes} from the file descriptor set @var{set}.
+
+ The @var{filedes} parameter must not have side effects since it is
+@@ -1556,6 +1608,7 @@ evaluated more than once.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This macro returns a nonzero value (true) if @var{filedes} is a member
+ of the file descriptor set @var{set}, and zero (false) otherwise.
+
+@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
+ @comment sys/types.h
+ @comment BSD
+ @deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c The select syscall is preferred, but pselect6 may be used instead,
++@c which requires converting timeout to a timespec and back. The
++@c conversions are not atomic.
+ The @code{select} function blocks the calling process until there is
+ activity on any of the specified sets of file descriptors, or until the
+ timeout period has expired.
+@@ -1670,6 +1727,7 @@ they return.
+ @comment unistd.h
+ @comment X/Open
+ @deftypefun void sync (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ A call to this function will not return as long as there is data which
+ has not been written to the device. All dirty buffers in the kernel will
+ be written and so an overall consistent system can be achieved (if no
+@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
+ @comment unistd.h
+ @comment POSIX
+ @deftypefun int fsync (int @var{fildes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fsync} function can be used to make sure all data associated with
+ the open file @var{fildes} is written to the device associated with the
+ descriptor. The function call does not return unless all actions have
+@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
+ @comment unistd.h
+ @comment POSIX
+ @deftypefun int fdatasync (int @var{fildes})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ When a call to the @code{fdatasync} function returns, it is ensured
+ that all of the file data is written to the device. For all pending I/O
+ operations, the parts guaranteeing data integrity finished.
+@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_read (struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c Calls aio_enqueue_request.
++@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
++@c pthread_self ok
++@c pthread_getschedparam selfdeadlock, lockleak
++@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
++@c sched_getparam ok
++@c sched_getscheduler ok
++@c lll_unlock lockleak
++@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
++@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
++@c realloc asmalloc, memleak
++@c calloc asmalloc, memleak
++@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
++@c pthread_attr_init ok
++@c pthread_attr_setdetachstate ok
++@c pthread_get_minstack ok
++@c pthread_attr_setstacksize ok
++@c sigfillset ok
++@c memset ok
++@c sigdelset ok [xguargs, but the caller's sigset is automatic]
++@c SYSCALL rt_sigprocmask ok
++@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
++@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
++@c alloca/malloc asmalloc, memleak
++@c lll_unlock lockleak
++@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
++@c getpagesize dup
++@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
++@c lll_unlock lockleak
++@c _dl_allocate_tls asmalloc, memleak
++@c _dl_allocate_tls_storage asmalloc, memleak
++@c memalign asmalloc, memleak
++@c memset ok
++@c allocate_dtv dup
++@c free asmalloc, memleak
++@c allocate_dtv asmalloc, memleak
++@c calloc asmalloc, memleak
++@c INSTALL_DTV ok
++@c list_add dup
++@c get_cached_stack
++@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
++@c list_for_each ok
++@c list_entry dup
++@c FREE_P dup
++@c stack_list_del dup
++@c stack_list_add dup
++@c lll_unlock lockleak
++@c _dl_allocate_tls_init ok
++@c GET_DTV ok
++@c mmap ok
++@c atomic_increment_val ok
++@c munmap ok
++@c change_stack_perm ok
++@c mprotect ok
++@c mprotect ok
++@c stack_list_del dup
++@c _dl_deallocate_tls dup
++@c munmap ok
++@c THREAD_COPY_STACK_GUARD ok
++@c THREAD_COPY_POINTER_GUARD ok
++@c atomic_exchange_acq ok
++@c lll_futex_wake ok
++@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
++@c lll_lock (state_cache_lock) selfdeadlock, lockleak
++@c stack_list_del ok
++@c atomic_write_barrier ok
++@c list_del ok [uunguard]
++@c atomic_write_barrier ok
++@c queue_stack asmalloc, memleak
++@c stack_list_add ok
++@c atomic_write_barrier ok
++@c list_add ok [uunguard]
++@c atomic_write_barrier ok
++@c free_stacks asmalloc, memleak
++@c list_for_each_prev_safe ok
++@c list_entry ok
++@c FREE_P ok
++@c stack_list_del dup
++@c _dl_deallocate_tls dup
++@c munmap ok
++@c _dl_deallocate_tls asmalloc, memleak
++@c free asmalloc, memleak
++@c lll_unlock lockleak
++@c create_thread selfdeadlock, asmalloc, lockleak, memleak
++@c td_eventword
++@c td_eventmask
++@c do_clone selfdeadlock, asmalloc, lockleak, memleak
++@c PREPARE_CREATE ok
++@c lll_lock (pd->lock) selfdeadlock, lockleak
++@c atomic_increment ok
++@c clone ok
++@c atomic_decrement ok
++@c atomic_exchange_acq ok
++@c lll_futex_wake ok
++@c deallocate_stack dup
++@c sched_setaffinity ok
++@c tgkill ok
++@c sched_setscheduler ok
++@c atomic_compare_and_exchange_bool_acq ok
++@c nptl_create_event ok
++@c lll_unlock (pd->lock) lockleak
++@c free asmalloc, memleak
++@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
++@c add_request_to_runlist ok [xguargs]
++@c pthread_cond_signal ok
++@c aio_free_request ok [xguargs]
++@c pthread_mutex_unlock lockleak
++
++@c (in the new thread, initiated with clone)
++@c start_thread ok
++@c HP_TIMING_NOW ok
++@c ctype_init [glocale] (in theory, but optimized into safety)
++@c atomic_exchange_acq ok
++@c lll_futex_wake ok
++@c sigemptyset ok
++@c sigaddset ok
++@c setjmp ok
++@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
++@c do_cancel ok
++@c pthread_unwind ok
++@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
++@c lll_lock selfdeadlock, lockleak
++@c lll_unlock selfdeadlock, lockleak
++@c CANCEL_RESET -> pthread_disable_asynccancel ok
++@c lll_futex_wait ok
++@c ->start_routine ok -----
++@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
++@c user-supplied dtor
++@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
++@c rtld_lock_unlock_recursive lockleak
++@c free asmalloc, memleak
++@c nptl_deallocate_tsd asmalloc, memleak
++@c tsd user-supplied dtors ok
++@c free asmalloc, memleak
++@c libc_thread_freeres
++@c libc_thread_subfreeres ok
++@c atomic_decrement_and_test ok
++@c td_eventword ok
++@c td_eventmask ok
++@c atomic_compare_exchange_bool_acq ok
++@c nptl_death_event ok
++@c lll_robust_dead ok
++@c getpagesize ok
++@c madvise ok
++@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
++@c free asmalloc, memleak
++@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
++@c lll_futex_wait ok
++@c exit_thread_inline ok
++@c syscall(exit) ok
++
+ This function initiates an asynchronous read operation. It
+ immediately returns after the operation was enqueued or when an
+ error was encountered.
+@@ -1988,6 +2200,7 @@ replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to the @code{aio_read} function. The only
+ difference is that on @w{32 bit} machines, the file descriptor should
+ be opened in the large file mode. Internally, @code{aio_read64} uses
+@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_write (struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function initiates an asynchronous write operation. The function
+ call immediately returns after the operation was enqueued or if before
+ this happens an error was encountered.
+@@ -2072,6 +2286,7 @@ replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to the @code{aio_write} function. The only
+ difference is that on @w{32 bit} machines the file descriptor should
+ be opened in the large file mode. Internally @code{aio_write64} uses
+@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
++@c enqueues each request. Then, it waits for notification or prepares
++@c for it before releasing the lock. Even though it performs memory
++@c allocation and locking of its own, it doesn't add any classes of
++@c safety issues that aren't already covered by aio_enqueue_request.
+ The @code{lio_listio} function can be used to enqueue an arbitrary
+ number of read and write requests at one time. The requests can all be
+ meant for the same file, all for different files or every solution in
+@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to the @code{lio_listio} function. The only
+ difference is that on @w{32 bit} machines, the file descriptor should
+ be opened in the large file mode. Internally, @code{lio_listio64} uses
+@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_error (const struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function determines the error state of the request described by the
+ @code{struct aiocb} variable pointed to by @var{aiocbp}. If the
+ request has not yet terminated the value returned is always
+@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{aio_error} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2238,6 +2462,7 @@ machines.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function can be used to retrieve the return status of the operation
+ carried out by the request described in the variable pointed to by
+ @var{aiocbp}. As long as the error status of this request as returned
+@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function is similar to @code{aio_return} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c After fcntl to check that the FD is open, it calls
++@c aio_enqueue_request.
+ Calling this function forces all I/O operations operating queued at the
+ time of the function call operating on the file descriptor
+ @code{aiocbp->aio_fildes} into the synchronized I/O completion state
+@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to @code{aio_fsync} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
++@c Take aio_requests_mutex, set up waitlist and requestlist, wait
++@c for completion or timeout, and release the mutex.
+ When calling this function, the calling thread is suspended until at
+ least one of the requests pointed to by the @var{nent} elements of the
+ array @var{list} has completed. If any of the requests has already
+@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+ This function is similar to @code{aio_suspend} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
+ @comment aio.h
+ @comment POSIX.1b
+ @deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c After fcntl to check the fd is open, hold aio_requests_mutex, call
++@c aio_find_req_fd, aio_remove_request, then aio_notify and
++@c aio_free_request each request before releasing the lock.
++@c aio_notify calls aio_notify_only and free, besides cond signal or
++@c similar. aio_notify_only calls pthread_attr_init,
++@c pthread_attr_setdetachstate, malloc, pthread_create,
++@c notify_func_wrapper, aio_sigqueue, getpid, raise.
++@c notify_func_wraper calls aio_start_notify_thread, free and then the
++@c notifier function.
+ The @code{aio_cancel} function can be used to cancel one or more
+ outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
+ function tries to cancel all of the outstanding requests which would process
+@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
+ @comment aio.h
+ @comment Unix98
+ @deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
++@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+ This function is similar to @code{aio_cancel} with the only difference
+ that the argument is a reference to a variable of type @code{struct
+ aiocb64}.
+@@ -2529,6 +2774,8 @@ Unused.
+ @comment aio.h
+ @comment GNU
+ @deftypefun void aio_init (const struct aioinit *@var{init})
++@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
++@c All changes to global objects are guarded by aio_requests_mutex.
+ This function must be called before any other AIO function. Calling it
+ is completely voluntary, as it is only meant to help the AIO
+ implementation perform better.
+@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
+ @comment fcntl.h
+ @comment POSIX.1
+ @deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ The @code{fcntl} function performs the operation specified by
+ @var{command} on the file descriptor @var{filedes}. Some commands
+ require additional arguments to be supplied. These additional arguments
+@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int dup (int @var{old})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function copies descriptor @var{old} to the first available
+ descriptor number (the first number not currently open). It is
+ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
+@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
+ @comment unistd.h
+ @comment POSIX.1
+ @deftypefun int dup2 (int @var{old}, int @var{new})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+ This function copies the descriptor @var{old} to descriptor number
+ @var{new}.
+
+@@ -3631,6 +3881,7 @@ different headers.
+ @comment sys/ioctl.h
+ @comment BSD
+ @deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
+
+ The @code{ioctl} function performs the generic I/O operation
+ @var{command} on @var{filedes}.
+@@ -3650,3 +3901,6 @@ unknown device.
+ Most IOCTLs are OS-specific and/or only used in special system utilities,
+ and are thus beyond the scope of this document. For an example of the use
+ of an IOCTL, see @ref{Out-of-Band Data}.
++
++@c FIXME this is undocumented:
++@c dup3
+diff --git a/manual/locale.texi b/manual/locale.texi
+index 323268d..da50d18 100644
+--- a/manual/locale.texi
++++ b/manual/locale.texi
+@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
+ @comment locale.h
+ @comment ISO
+ @deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+-@safety{@mtunsafe{uunguard}}
+-@c This function is MT-Safe, but uses of the global locale object are
+-@c unguarded in functions that ought to be MT-Safe, so we're ruling out
+-@c the use of this function once threads are started.
++@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
++@c Uses of the global locale object are unguarded in functions that
++@c ought to be MT-Safe, so we're ruling out the use of this function
++@c once threads are started. It takes a write lock itself, but it may
++@c return a pointer loaded from the global locale object after releasing
++@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
++@c and free, and _nl_find_locale, which amount to all documented safety
++@c issues. It also calls new_composite_name, setdata, and setname,
++@c without any additional issues. _nl_find_locale calls getenv, ...
++This function returns a pointer read
+ The function @code{setlocale} sets the current locale for category
+ @var{category} to @var{locale}. A list of all the locales the system
+ provides can be created by running
+diff --git a/manual/resource.texi b/manual/resource.texi
+index 1ec7af2..71b08f7 100644
+--- a/manual/resource.texi
++++ b/manual/resource.texi
+@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
+ @comment sys/resource.h
+ @comment BSD
+ @deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct syscall on most systems.
+ Read the current and maximum limits for the resource @var{resource}
+ and store them in @code{*@var{rlp}}.
+
+@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
+ @comment sys/resource.h
+ @comment Unix98
+ @deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
+ This function is similar to @code{getrlimit} but its second parameter is
+ a pointer to a variable of type @code{struct rlimit64}, which allows it
+ to read values which wouldn't fit in the member of a @code{struct
+@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
+ @comment unistd.h
+ @comment BSD
+ @deftypefun int getpagesize (void)
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
++@c the exception, with the possibility of a syscall.
+ The @code{getpagesize} function returns the page size of the process.
+ This value is fixed for the runtime of the process but can vary in
+ different runs of the application.
+@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
+ @comment sys/sysinfo.h
+ @comment GNU
+ @deftypefun {long int} get_phys_pages (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
++@c This fopens a /proc file and scans it for the requested information.
+ The @code{get_phys_pages} function returns the total number of pages of
+ physical the system has. To get the amount of memory this number has to
+ be multiplied by the page size.
+@@ -1569,6 +1578,7 @@ This function is a GNU extension.
+ @comment sys/sysinfo.h
+ @comment GNU
+ @deftypefun {long int} get_avphys_pages (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+ The @code{get_phys_pages} function returns the number of available pages of
+ physical the system has. To get the amount of memory this number has to
+ be multiplied by the page size.
+@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
+ @comment sys/sysinfo.h
+ @comment GNU
+ @deftypefun int get_nprocs_conf (void)
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
++@c This function reads from from /sys using dir streams (single user, so
++@c no staticbuf MT-Safety issue), and on some arches, from /proc using
++@c streams.
+ The @code{get_nprocs_conf} function returns the number of processors the
+ operating system configured.
+
+@@ -1623,6 +1637,8 @@ This function is a GNU extension.
+ @comment sys/sysinfo.h
+ @comment GNU
+ @deftypefun int get_nprocs (void)
++@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
++@c This function reads from /proc using file descriptor I/O.
+ The @code{get_nprocs} function returns the number of available processors.
+
+ This function is a GNU extension.
+diff --git a/manual/search.texi b/manual/search.texi
+index efd3604..6910edc 100644
+--- a/manual/search.texi
++++ b/manual/search.texi
+@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
+ @comment stdlib.h
+ @comment ISO
+ @deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
++@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
+ The @var{qsort} function sorts the array @var{array}. The array contains
+ @var{count} elements, each of which is of size @var{size}.
+
+@@ -436,6 +437,11 @@ in the header file @file{search.h}.
+ @comment search.h
+ @comment SVID
+ @deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
++@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
++@c The tree is not modified in a thread-safe manner, and rotations may
++@c leave the tree in an inconsistent state that could be observed in an
++@c asynchronous signal handler or after asynchronous cancellation of the
++@c thread performing the rotation or the insertion.
+ The @code{tsearch} function searches in the tree pointed to by
+ @code{*@var{rootp}} for an element matching @var{key}. The function
+ pointed to by @var{compar} is used to determine whether two elements
+@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
+ @comment search.h
+ @comment SVID
+ @deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+ The @code{tfind} function is similar to the @code{tsearch} function. It
+ locates an element matching the one pointed to by @var{key} and returns
+ a pointer to this element. But if no matching element is available no
+@@ -479,6 +486,7 @@ elements.
+ @comment search.h
+ @comment SVID
+ @deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
++@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+ To remove a specific element matching @var{key} from the tree
+ @code{tdelete} can be used. It locates the matching element using the
+ same method as @code{tfind}. The corresponding element is then removed
+@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
+ @comment search.h
+ @comment GNU
+ @deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
++@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+ If the complete search tree has to be removed one can use
+ @code{tdestroy}. It frees all resources allocated by the @code{tsearch}
+ function to generate the tree pointed to by @var{vroot}.
+@@ -546,6 +555,7 @@ The current node is a leaf.
+ @comment search.h
+ @comment SVID
+ @deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
++@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
+ For each node in the tree with a node pointed to by @var{root}, the
+ @code{twalk} function calls the function provided by the parameter
+ @var{action}. For leaf nodes the function is called exactly once with
+diff --git a/manual/startup.texi b/manual/startup.texi
+index a277714..7bbaf13 100644
+--- a/manual/startup.texi
++++ b/manual/startup.texi
+@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
+ The difference to the @code{setenv} function is that the exact string
+ given as the parameter @var{string} is put into the environment. If the
+ user should change the string after the @code{putenv} call this will
+-reflect in automatically in the environment. This also requires that
+-@var{string} is no automatic variable which scope is left before the
++reflect automatically in the environment. This also requires that
++@var{string} not be an automatic variable whose scope is left before the
+ variable is removed from the environment. The same applies of course to
+ dynamically allocated variables which are freed later.
+
+diff --git a/manual/stdio.texi b/manual/stdio.texi
+index 7809dd4..79a3340 100644
+--- a/manual/stdio.texi
++++ b/manual/stdio.texi
+@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
+ @comment stdio.h
+ @comment ISO
+ @deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+ @c fopen may leak the list lock if cancelled within _IO_link_in.
+ The @code{fopen} function opens a stream for I/O to the file
+ @var{filename}, and returns a pointer to the stream.
+@@ -267,7 +267,7 @@ Locks}.
+ @comment stdio.h
+ @comment Unix98
+ @deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
+ This function is similar to @code{fopen} but the stream it returns a
+ pointer for is opened using @code{open64}. Therefore this stream can be
+ used even on files larger then @math{2^31} bytes on 32 bit machines.
+@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
+ @comment stdio.h
+ @comment ISO
+ @deftypefun int fclose (FILE *@var{stream})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+ @c After fclose, it is undefined behavior to use the stream it points
+ @c to. Therefore, one must only call fclose when the stream is
+ @c otherwise unused. Concurrent uses started before will complete
+@@ -2662,6 +2662,42 @@ pointer @var{ap}.
+ @c case of cancellation. This doesn't make it unsafe, but cancelling it
+ @c may leak memory. The unguarded use of __printf_function_table is
+ @c also of concern for all callers.
++@c _itoa ok
++@c _udiv_qrnnd_preinv ok
++@c group_number ok
++@c _i18n_number_rewrite
++@c __wctrans ok
++@c __towctrans glocale
++@c __wcrtomb ok? dup below
++@c outdigit_value ok
++@c outdigitwc_value ok
++@c outchar ok
++@c outstring ok
++@c PAD ok
++@c __printf_fp glocale memleak
++@c __printf_fphex glocale
++@c __readonly_area
++@c [GNU/Linux] fopen, strtoul, free
++@c __strerror_r ok if no translation, check otherwise
++@c __btowc ? gconv-modules
++@c __wcrtomb ok (not using internal state) gconv-modules
++@c ARGCHECK
++@c UNBUFFERED_P (tested before taking the stream lock)
++@c buffered_vfprintf ok
++@c __find_spec(wc|mb)
++@c read_int
++@c __libc_use_alloca
++@c process_arg
++@c process_string_arg
++@c extend_alloca
++@c __parse_one_spec(wc|mb)
++@c *__printf_arginfo_table unguarded
++@c __printf_va_arg_table-> unguarded
++@c *__printf_function_table unguarded
++@c done_add
++@c printf_unknown
++@c outchar
++@c _itoa_word
+ This is the equivalent of @code{fprintf} with the variable argument list
+ specified directly as for @code{vprintf}.
+ @end deftypefun
+@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+ @c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+ @c bringing with it additional potential for async trouble with
+ @c list_all_lock.
+@@ -5076,7 +5112,7 @@ Got r
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+-@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
+ This function opens a stream for writing to a buffer. The buffer is
+ allocated dynamically and grown as necessary, using @code{malloc}.
+ After you've closed the stream, this buffer is your responsibility to
+@@ -5192,7 +5228,7 @@ closed.
+ @comment stdio.h
+ @comment GNU
+ @deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
++@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+ This function actually creates the stream for communicating with the
+ @var{cookie} using the functions in the @var{io-functions} argument.
+ The @var{opentype} argument is interpreted as for @code{fopen};
+diff --git a/manual/string.texi b/manual/string.texi
+index 246be84..a75d298 100644
+--- a/manual/string.texi
++++ b/manual/string.texi
+@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
+ @comment string.h
+ @comment GNU
+ @deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
++@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
++@c Calls isdigit multiple times, locale may change in between.
+ The @code{strverscmp} function compares the string @var{s1} against
+ @var{s2}, considering them as holding indices/version numbers. The
+ return value follows the same conventions as found in the
+@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
+ @comment string.h
+ @comment ISO
+ @deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
++@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
++@c Adjust alphasort one safety info is determined.
+ The @code{strcoll} function is similar to @code{strcmp} but uses the
+ collating sequence of the current locale for collation (the
+ @code{LC_COLLATE} locale).
+diff --git a/manual/terminal.texi b/manual/terminal.texi
+index 9e9c057..7f62a4e 100644
+--- a/manual/terminal.texi
++++ b/manual/terminal.texi
+@@ -264,6 +264,9 @@ array.
+ @comment termios.h
+ @comment POSIX.1
+ @deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Converting the kernel-returned termios data structure to the userland
++@c format does not ensure atomic or consistent writing.
+ This function is used to examine the attributes of the terminal
+ device with file descriptor @var{filedes}. The attributes are returned
+ in the structure that @var{termios-p} points to.
+@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
+ @comment termios.h
+ @comment POSIX.1
+ @deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
++@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
++@c Converting the incoming termios data structure to the kernel format
++@c does not ensure atomic or consistent reading.
+ This function sets the attributes of the terminal device with file
+ descriptor @var{filedes}. The new attributes are taken from the
+ structure that @var{termios-p} points to.
+diff --git a/manual/threads.texi b/manual/threads.texi
+index a23ac26..19bfad6 100644
+--- a/manual/threads.texi
++++ b/manual/threads.texi
+@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
+ data destructors or even as members of the thread-specific data, since the
+ latter is passed as an argument to the destructor function.
+
++@c FIXME: use @deftypefun for these.
+ @item int pthread_key_delete (pthread_key_t @var{key})
+ Destroy the thread-specific data @var{key} in the calling thread. The
+ destructor for the thread-specific data is not called during destruction, nor
+@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
+ The system does not have sufficient memory.
+ @end table
+ @end deftypefun
++
++@c FIXME these are undocumented:
++@c pthread_atfork
++@c pthread_attr_destroy
++@c pthread_attr_getaffinity_np
++@c pthread_attr_getdetachstate
++@c pthread_attr_getguardsize
++@c pthread_attr_getinheritsched
++@c pthread_attr_getschedparam
++@c pthread_attr_getschedpolicy
++@c pthread_attr_getscope
++@c pthread_attr_getstack
++@c pthread_attr_getstackaddr
++@c pthread_attr_getstacksize
++@c pthread_attr_init
++@c pthread_attr_setaffinity_np
++@c pthread_attr_setdetachstate
++@c pthread_attr_setguardsize
++@c pthread_attr_setinheritsched
++@c pthread_attr_setschedparam
++@c pthread_attr_setschedpolicy
++@c pthread_attr_setscope
++@c pthread_attr_setstack
++@c pthread_attr_setstackaddr
++@c pthread_attr_setstacksize
++@c pthread_barrierattr_destroy
++@c pthread_barrierattr_getpshared
++@c pthread_barrierattr_init
++@c pthread_barrierattr_setpshared
++@c pthread_barrier_destroy
++@c pthread_barrier_init
++@c pthread_barrier_wait
++@c pthread_cancel
++@c pthread_cleanup_push
++@c pthread_cleanup_pop
++@c pthread_condattr_destroy
++@c pthread_condattr_getclock
++@c pthread_condattr_getpshared
++@c pthread_condattr_init
++@c pthread_condattr_setclock
++@c pthread_condattr_setpshared
++@c pthread_cond_broadcast
++@c pthread_cond_destroy
++@c pthread_cond_init
++@c pthread_cond_signal
++@c pthread_cond_timedwait
++@c pthread_cond_wait
++@c pthread_create
++@c pthread_detach
++@c pthread_equal
++@c pthread_exit
++@c pthread_getaffinity_np
++@c pthread_getattr_np
++@c pthread_getconcurrency
++@c pthread_getcpuclockid
++@c pthread_getname_np
++@c pthread_getschedparam
++@c pthread_join
++@c pthread_kill
++@c pthread_kill_other_threads_np
++@c pthread_mutexattr_destroy
++@c pthread_mutexattr_getkind_np
++@c pthread_mutexattr_getprioceiling
++@c pthread_mutexattr_getprotocol
++@c pthread_mutexattr_getpshared
++@c pthread_mutexattr_getrobust
++@c pthread_mutexattr_getrobust_np
++@c pthread_mutexattr_gettype
++@c pthread_mutexattr_init
++@c pthread_mutexattr_setkind_np
++@c pthread_mutexattr_setprioceiling
++@c pthread_mutexattr_setprotocol
++@c pthread_mutexattr_setpshared
++@c pthread_mutexattr_setrobust
++@c pthread_mutexattr_setrobust_np
++@c pthread_mutexattr_settype
++@c pthread_mutex_consistent
++@c pthread_mutex_consistent_np
++@c pthread_mutex_destroy
++@c pthread_mutex_getprioceiling
++@c pthread_mutex_init
++@c pthread_mutex_lock
++@c pthread_mutex_setprioceiling
++@c pthread_mutex_timedlock
++@c pthread_mutex_trylock
++@c pthread_mutex_unlock
++@c pthread_once
++@c pthread_rwlockattr_destroy
++@c pthread_rwlockattr_getkind_np
++@c pthread_rwlockattr_getpshared
++@c pthread_rwlockattr_init
++@c pthread_rwlockattr_setkind_np
++@c pthread_rwlockattr_setpshared
++@c pthread_rwlock_destroy
++@c pthread_rwlock_init
++@c pthread_rwlock_rdlock
++@c pthread_rwlock_timedrdlock
++@c pthread_rwlock_timedwrlock
++@c pthread_rwlock_tryrdlock
++@c pthread_rwlock_trywrlock
++@c pthread_rwlock_unlock
++@c pthread_rwlock_wrlock
++@c pthread_self
++@c pthread_setaffinity_np
++@c pthread_setcancelstate
++@c pthread_setcanceltype
++@c pthread_setconcurrency
++@c pthread_setname_np
++@c pthread_setschedparam
++@c pthread_setschedprio
++@c pthread_sigmask
++@c pthread_sigqueue
++@c pthread_spin_destroy
++@c pthread_spin_init
++@c pthread_spin_lock
++@c pthread_spin_trylock
++@c pthread_spin_unlock
++@c pthread_testcancel
++@c pthread_timedjoin_np
++@c pthread_tryjoin_np
++@c pthread_yield
+diff --git a/manual/time.texi b/manual/time.texi
+index ff31e28..3967b24 100644
+--- a/manual/time.texi
++++ b/manual/time.texi
+@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
+ @comment sys/time.h
+ @comment BSD
+ @deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
++@safety{@mtsafe{}@assafe{}@acsafe{}}
++@c On most GNU/Linux systems this is a direct syscall, but the posix/
++@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
++@c localtime_r, saving and restoring tzname in an unsafe manner.
++@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
++@c for vdso resolution. ifunc-vdso-revisit.
+ The @code{gettimeofday} function returns the current calendar time as
+ the elapsed time since the epoch in the @code{struct timeval} structure
+ indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
diff --git a/patches/manual-document-mt-safety.patch b/patches/manual-document-mt-safety.patch
new file mode 100644
index 0000000..09977f1
--- /dev/null
+++ b/patches/manual-document-mt-safety.patch
@@ -0,0 +1,386 @@
+Bottom: 13f15f706fb1ff430a99cba2788b2c38389fb60e
+Top: 4efc67610afbdb4ae5fe31b2b904569f7a82116e
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:35 -0300
+
+Thread safety documentation.
+
+for ChangeLog
+
+ * manual/macros.texi: Introduce macros to document thread
+ safety properties.
+ * manual/intro.texi: Introduce the properties themselves.
+
+
+---
+
+diff --git a/manual/intro.texi b/manual/intro.texi
+index deaf089..2630a77 100644
+--- a/manual/intro.texi
++++ b/manual/intro.texi
+@@ -172,6 +172,314 @@ pattern matching facilities (@pxref{Pattern Matching}).
+ @comment <wordexp.h> (not yet implemented)
+ @comment confstr
+
++The safety properties of @glibcadj{} functions, documented as MT-, AS-
++and AC- -Safe and -Unsafe are assessed according to the criteria set
++forth in the POSIX standard for Multi-Thread, Async-Signal and
++Async-Cancel safety.
++
++Intuitive definition of these properties, that attempt to capture
++the meaning of the standard definitions, follow:
++
++@itemize @bullet
++
++@item
++@cindex MT-Safe
++MT-Safe functions are safe to call in the presence of other threads. MT
++stands for Multi Thread.
++
++@item
++@cindex AS-Safe
++AS-Safe functions are safe to call from asynchronous signal handlers.
++AS stands for Asynchronous Signal.
++
++@item
++@cindex AC-Safe
++AC-Safe functions are safe to call when asynchronous cancellation is
++enabled. AC stands for Asynchronous Cancellation.
++
++@item
++@cindex MT-Unsafe
++@cindex AS-Unsafe
++@cindex AC-Unsafe
++MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
++the contexts described above: they may cause deviations from the
++specification in the behavior of the calls themselves, or of any other
++concurrent, ongoing or subsequent calls.
++
++Functions not explicitly documented as Safe should be regarded as
++Unsafe.
++
++@end itemize
++
++By ``safe to call'', we mean that, as long as the program does not
++invoke undefined or unspecified behavior, the called functions will
++behave as documented, and they won't cause any other functions to
++deviate from their documented behavior.
++
++Although we strive to abide by the standards, in some cases our
++implementation is safe even when the standard does not demand safety,
++and in other cases our implementation does not meet the standard safety
++requirements. At this point, we document the result of an assessment of
++the properties of our implementation, so the safety documentation in
++this manual is not to be regarded as a promise of future behavior: in
++future releases, functions that are documented as safe may become
++unsafe, and safety constraints may be removed or introduced. We
++envision turning the results of the assessment into a set of promises as
++stable as our interfaces, but we're not there yet.
++
++When a function is safe to call only under certain constraints, we will
++add keywords to the safety notes whose meanings are defined as follows:
++
++@itemize @bullet
++
++@c glocale-revisit
++@item @code{glocale}
++@cindex glocale
++
++In threads that have not overridden the thread-local locale object by
++calling @code{uselocale}, calling functions annotated with
++@code{glocale} concurrently with @code{setlocale} may cause the
++functions to behave in ways that don't correspond to either the previous
++or the subsequent global locale.
++
++Although the @code{setlocale} function modifies the global locale object
++while holding a lock, @code{glocale}-annotated functions may access this
++global object multiple times, without any measures to ensure it doesn't
++change while it's in use.
++
++Each of these unprotected uses will use either the previous or the
++subsequent locale information, so they won't cause crashes or access to
++uninitialized, unmapped or recycled memory. However, since some cases
++use cached locale information while others access the effective locale
++object anew, concurrent changes to the global locale object may cause
++these functions to behave in ways that they could not behave should the
++execution of @code{setlocale} and of the so-annotated functions be
++atomic, or even should @code{setlocale} alone be atomic.
++
++The @code{glocale} constraint indicates functions are only safe to call
++if the effective thread-local locale is not the global locale object
++(because it was overridden with @code{uselocale}). Failing that,
++@code{setlocale} should not be called while these functions are active.
++
++
++@item @code{uunguard}
++@cindex uunguard
++
++Functions marked with @code{uunguard} modify non-atomically arguments or
++global objects that other functions access without synchronization. To
++ensure MT- and AS-Safe behavior, callers should refrain from calling
++so-marked functions concurrently with users of the corresponding
++objects.
++
++Unguarded users of the global locale object modified by @code{setlocale}
++are marked with @code{glocale}.
++
++Unguarded users of the @code{printf} extension objects modified by
++@code{register_printf_function} are the entire family of printf
++functions.
++
++Unguarded users of streams configured with @code{__fsetlocking} for
++locking by the caller are the entire family of stdio functions.
++
++
++@item @code{xguargs}
++@cindex xguargs
++
++Functions marked with @code{xguargs} may use or modify objects passed as
++arguments without any guards to ensure consistency. To ensure MT- and
++AS-Safe behavior, callers must ensure that the objects passed in are not
++modified concurrently by other threads or signal handlers.
++
++
++@end itemize
++
++
++Additional safety issues that cannot be worked around by constraining
++the program are also documented with keywords, whose meaning is defined
++as follows:
++
++@itemize @bullet
++
++@item @code{staticbuf}
++@cindex staticbuf
++
++Functions annotated with @code{staticbuf} use internal static buffers or
++variables in ways that may cause concurrent calls to interfere
++destructively.
++
++These functions are all MT-Unsafe and AC-Unsafe. However, many of them
++offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
++
++
++@item @code{fdleak}
++@cindex fdleak
++
++Functions annotated with @code{fdleak} may leak file descriptors if
++asynchronous thread cancellation interrupts their execution.
++
++Functions that allocate or deallocate file descriptors will generally be
++marked as such, because even if they attempted to protect the file
++descriptor allocation and deallocation with cleanup regions, allocating
++a new descriptor and storing its number where the cleanup region could
++release it cannot be performed as a single atomic operation, just like
++releasing it and taking it out of the data structure normally
++responsible for releasing it cannot be performed atomically, always
++leaving a window in which the descriptor cannot be released because it
++wasn't stored in the cleanup handler argument yet, or in which it was
++already taken out of it before releasing it in the normal flow (we
++cannot keep it there because, in case of cancellation, we wouldn't be
++able to tell whether it was already released, and the same number could
++have been already assigned to another descriptor by another thread, so
++we couldn't just release it again).
++
++Such leaks could be internally avoided, with some performance penalty,
++by temporarily disabling asynchronous thread cancellation. However,
++since callers of allocation or deallocation functions would have to do
++this themselves, to avoid the same sort of leak in their own layer, it
++makes more sense for the library to assume they are taking care of it
++than to impose a performance penalty that is redundant when the problem
++is solved in upper layers, and insufficient when it isn't.
++
++This remark by itself does not cause a function to be regarded as
++AC-Unsafe. However, cummulative effects of such leaks may pose a
++problem for some programs. If this is the case, suspending asynchronous
++cancellation for the duration of calls to such functions is recommended.
++
++
++@item @code{memleak}
++@cindex memleak
++
++Functions annotated with @code{memleak} may leak memory if asynchronous
++thread cancellation interrupts their execution.
++
++The problem is similar to that of file descriptors: there is no atomic
++interface to allocate memory and store its address in the argument to a
++cleanup handler, or to release it and remove its address from that
++argument, without at least temporarily disabling asynchronous
++cancellation, which these functions do not do.
++
++This remark does not by itself cause a function to be regarded as
++generally AC-Unsafe. However, cummulative effects of such leaks may be
++severe enough for some programs that disabling asynchronous cancellation
++for the duration of calls to such functions may be required.
++
++
++@item @code{lockleak}
++@cindex lockleak
++
++Functions annotated with @code{lockleak} may leak locks if asynchronous
++thread cancellation interrupts their execution.
++
++While the problem is similar to that of file descriptors, in that there
++is not any atomic interface to lock and take note of the need for
++unlocking in a cleanup, or to unlock and take note that there is no
++longer such a need, the problem posed by lock leaks is far more serious:
++when a file descriptor or a piece of memory is leaked, it becomes
++inaccessible and subsequent attempts to allocate a file descriptor or
++some memory will just use another resource. However, once a lock is
++left taken, attempts to take that lock will block indefinitely.
++(Recursive locks will only block other threads, and read locks will only
++block writer threads, but the point still holds in general).
++
++For the reasons above, functions that leak locks are all AC-Unsafe.
++
++
++@item @code{selfdeadlock}
++@cindex selfdeadlock
++
++Functions marked with @code{selfdeadlock} take a non-recursive lock to
++ensure MT-Safety while modifying data structures guarded by the lock.
++
++If such a function is interrupted by a signal while holding the lock,
++and the signal handler calls any function that takes the same
++non-recursive lock, the result is a deadlock.
++
++Blocking asynchronous signal delivery while calling such functions is
++the only safe way to avoid a deadlock if any signal handler might need
++to call them.
++
++
++@item @code{asynconsist}
++@cindex asynconsist
++
++Functions marked with @code{asynconsist} take a recursive lock to ensure
++MT-Safety while accessing or modifying data structures guarded by the
++lock.
++
++If such a function is interrupted by a signal while holding the lock,
++and the signal handler calls any function that takes the same
++non-recursive lock, the latter function may observe a partially updated,
++inconsistent data structure, and misbehave.
++
++Blocking asynchronous signal delivery while calling such functions is
++the only safe way to avoid the misbehavior that may ensue if any signal
++handler might need to call them.
++
++
++@item @code{asmalloc}
++@cindex asmalloc
++
++This is a sub-case of @code{asynconsist}. Functions marked with
++@code{asmalloc} perform memory allocation or deallocation with the
++@code{malloc}/@code{free} family of functions.
++
++If heap management functions are interrupted by asynchronous signals,
++and the signal handlers attempt to perform memory allocation or
++deallocation of their own, they may encounter heap data structures in a
++partially updated state, and the interrupted calls may malfunction
++because of the changes made within the signal handler.
++
++
++@item @code{incansist}
++@cindex incansist
++
++Functions marked with @code{incansist} modify data structures in a
++non-atomic way.
++
++If such a function is asynchronously canceled, it may leave the data
++structure in a partially updated, inconsistent state. Subsequent uses
++of the data structure may misbehave.
++
++Disabling asynchronous cancelation while calling such functions is the
++only safe way to avoid the misbehavior that may ensure if the thread is
++canceled while the function is running.
++
++
++@item @code{simfpu}
++@cindex simfpu
++
++Functions annotated with @code{simfpu} may misbehave on powerpc ports in
++which the floating-point unit is disabled and floating point simulation
++is used instead. On such platforms, @theglibc{} uses global variables
++to hold floating-point exceptions, rounding modes and disabled
++exceptions, rather than thread-local state. This is a @glibcadj{} bug.
++
++Furthermore, even if this bug is fixed, the emulation of floating-point
++control and status registers will not go as far as saving and restoring
++these emulated registers across asynchronous signal handlers. Indeed,
++although most platforms preserve floating-point context as part of the
++thread context, preserving control and status words is not mandatory:
++standards recommend that programs that modify them within signal
++handlers restore them to the original state before returning.
++
++This note does not cause functions to be marked as MT-Unsafe, even
++though, on the affected platform, they are MT-Unsafe indeed.
++
++
++@item @code{unposix}
++@cindex unposix
++
++This remark indicates our safety documentation is known to differ from
++the requirements set by the POSIX standard. For example, POSIX does not
++require a function to be Safe, but our implementation is Safe, or
++vice-versa.
++
++For the time being, the absence of this remark does not imply the safety
++propertes we documentated are identical to those mandated by POSIX for
++the corresponding functions.
++
++@end itemize
++
+
+ @node Berkeley Unix, SVID, POSIX, Standards and Portability
+ @subsection Berkeley Unix
+diff --git a/manual/macros.texi b/manual/macros.texi
+index daaf1c0..6955f32 100644
+--- a/manual/macros.texi
++++ b/manual/macros.texi
+@@ -47,4 +47,46 @@ GNU/Hurd systems
+ GNU/Linux systems
+ @end macro
+
++@c Document a function as thread safe.
++@macro mtsafe {comments}
++| MT-Safe \comments\
++|
++@end macro
++@c Document a function as thread unsafe.
++@macro mtunsafe {comments}
++| MT-Unsafe \comments\
++|
++@end macro
++@c Document a function as safe for use in asynchronous signal handlers.
++@macro assafe {comments}
++| AS-Safe \comments\
++|
++@end macro
++@c Document a function as unsafe for use in asynchronous signal
++@c handlers. This distinguishes unmarked functions, for which this
++@c property has not been assessed, from those that have been analyzed.
++@macro asunsafe {comments}
++| AS-Unsafe \comments\
++|
++@end macro
++@c Document a function as safe for use when asynchronous cancellation is
++@c enabled.
++@macro acsafe {comments}
++| AC-Safe \comments\
++|
++@end macro
++@c Document a function as unsafe for use when asynchronous cancellation
++@c is enabled. This distinguishes unmarked functions, for which this
++@c property has not been assessed, from those that have been analyzed.
++@macro acunsafe {comments}
++| AC-Unsafe \comments\
++|
++@end macro
++@c Format the thread and async safety properties of a function.
++@macro safety {notes}
++\notes\
++
++
++@end macro
++
+ @end ifclear
diff --git a/patches/powerpc-nofpu-sim-note-nothread.patch b/patches/powerpc-nofpu-sim-note-nothread.patch
new file mode 100644
index 0000000..fb9723a
--- /dev/null
+++ b/patches/powerpc-nofpu-sim-note-nothread.patch
@@ -0,0 +1,67 @@
+Bottom: 4efc67610afbdb4ae5fe31b2b904569f7a82116e
+Top: 83a97471a9f798dbf70f921529bea532c0632478
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:36 -0300
+
+Note that powerpc fpu emulation status is not thread- or signal-safe.
+
+for ports/ChangeLog.powerpc
+
+ PR 15483
+ * sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
+ the need for thread-specific variables preserved across signal
+ handlers.
+ * sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
+ * sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
+
+
+---
+
+diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
+index fc061d0..e167033 100644
+--- a/ports/sysdeps/powerpc/nofpu/sim-full.c
++++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
+@@ -21,6 +21,11 @@
+ #include "soft-fp.h"
+ #include "soft-supp.h"
+
++/* FIXME: these variables should be thread specific (see bugzilla bug
++ 15483) and ideally preserved across signal handlers, like hardware
++ FP status words, but the latter is quite difficult to accomplish in
++ userland. */
++
+ /* Global to store sticky exceptions. */
+ int __sim_exceptions __attribute__ ((nocommon));
+ libc_hidden_data_def (__sim_exceptions);
+diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
+index b9638bb..64a3d2a 100644
+--- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
++++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
+@@ -26,6 +26,11 @@ typedef union
+ } fenv_union_t;
+
+
++/* FIXME: these variables should be thread specific (see bugzilla bug
++ 15483) and ideally preserved across signal handlers, like hardware
++ FP status words, but the latter is quite difficult to accomplish in
++ userland. */
++
+ extern int __sim_exceptions;
+ libc_hidden_proto (__sim_exceptions);
+ extern int __sim_disabled_exceptions;
+diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+index c2a190e..508d869 100644
+--- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
++++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+@@ -54,6 +54,11 @@
+ #define FP_ROUNDMODE __sim_round_mode
+ #define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
+
++/* FIXME: these variables should be thread specific (see bugzilla bug
++ 15483) and ideally preserved across signal handlers, like hardware
++ FP status words, but the latter is quite difficult to accomplish in
++ userland. */
++
+ extern int __sim_exceptions;
+ libc_hidden_proto (__sim_exceptions);
+ extern int __sim_disabled_exceptions;
diff --git a/patches/unused-scalb-is-scalbn.patch b/patches/unused-scalb-is-scalbn.patch
new file mode 100644
index 0000000..2e01b9a
--- /dev/null
+++ b/patches/unused-scalb-is-scalbn.patch
@@ -0,0 +1,75 @@
+Bottom: 83a97471a9f798dbf70f921529bea532c0632478
+Top: 58842960ffbf63afb50845d77d86b584785bfb5d
+Author: Alexandre Oliva <aoliva@redhat.com>
+Date: 2013-06-26 10:46:37 -0300
+
+Rename unused scalb to scalbn to match prototype.
+
+for ChangeLog
+
+ * sysdeps/ieee754/support.c (scalbn): Rename from
+ wrongly-typed scalb. Adjust all callers. Apparently unused.
+
+
+---
+
+diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
+index 00476c0..0bbd892f 100644
+--- a/sysdeps/ieee754/support.c
++++ b/sysdeps/ieee754/support.c
+@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
+ static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
+ #endif /* defined(vax)||defined(tahoe) */
+
+-double scalb(x,N)
++double scalbn(x,N)
+ double x; int N;
+ {
+ int k;
+@@ -106,7 +106,7 @@ double x; int N;
+ if( (k= *px & mexp ) != mexp ) {
+ if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
+ if( k == 0 ) {
+- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
++ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
+ #endif /* defined(vax)||defined(tahoe) */
+
+ if((k = (k>>gap)+ N) > 0 )
+@@ -115,7 +115,7 @@ double x; int N;
+ else
+ if( k > -prep1 )
+ /* gradual underflow */
+- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
++ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
+ else
+ return(nunf*nunf);
+ }
+@@ -228,7 +228,7 @@ double x,p;
+
+ else if ( ((*pp & mexp)>>gap) <= 1 )
+ /* subnormal p, or almost subnormal p */
+- { double b; b=scalb(1.0,(int)prep1);
++ { double b; b=scalbn(1.0,(int)prep1);
+ p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
+ else if ( p >= novf/2)
+ { p /= 2 ; x /= 2; return(drem(x,p)*2);}
+@@ -294,8 +294,8 @@ double x;
+
+ /* scale x to [1,4) */
+ n=logb(x);
+- x=scalb(x,-n);
+- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
++ x=scalbn(x,-n);
++ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
+ m += n;
+ n = m/2;
+ if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
+@@ -326,7 +326,7 @@ double x;
+ b=1.0+r/4; if(b>1.0) t=1;
+ if(t>=0) q+=r; }
+
+-end: return(scalb(q,n));
++end: return(scalbn(q,n));
+ }
+
+ #if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
commit 08d66cf64dcb2bce1a99e163cd4941e2c77b4a37
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:48 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/???.texi: Document thread safety properties.
diff --git a/manual/argp.texi b/manual/argp.texi
index c9fbe97..5322f91 100644
--- a/manual/argp.texi
+++ b/manual/argp.texi
@@ -36,6 +36,35 @@ needed in @code{main}.
@comment argp.h
@comment GNU
@deftypefun {error_t} argp_parse (const struct argp *@var{argp}, int @var{argc}, char **@var{argv}, unsigned @var{flags}, int *@var{arg_index}, void *@var{input})
+@safety{@mtunsafe{xguargs, envromt}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Optionally alloca()tes standard help options, initializes the parser,
+@c then parses individual args in a loop, and then finalizes.
+@c parser_init
+@c calc_sizes ok
+@c option_is_end ok
+@c malloc
+@c parser_convert glocale
+@c convert_options glocale
+@c option_is_end ok
+@c option_is_short ok
+@c isprint, but locale may change within the loop
+@c find_long_option ok
+@c group_parse
+@c group->parser (from argp->parser)
+@c parser_parse_next
+@c getopt_long(_only)_r many issues, same as non_r minus staticbuf
+@c parser_parse_arg
+@c group_parse
+@c parser_parse_opt
+@c group_parse
+@c argp_error
+@c dgettext (bad key error)
+@c parser_finalize
+@c group_parse
+@c fprintf
+@c dgettext
+@c arg_state_help
+@c free
The @code{argp_parse} function parses the arguments in @var{argv}, of
length @var{argc}, using the argp parser @var{argp}. @xref{Argp
Parsers}. Passing a null pointer for @var{argp} is the same as using
@@ -660,6 +689,8 @@ parser function. @xref{Argp Parsing State}.
@comment argp.h
@comment GNU
@deftypefun void argp_usage (const struct argp_state *@var{state})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls argp_state_help with stderr and ARGP_HELP_STD_USAGE.
Outputs the standard usage message for the argp parser referred to by
@var{state} to @code{@var{state}->err_stream} and terminate the program
with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@@ -669,6 +700,13 @@ with @code{exit (argp_err_exit_status)}. @xref{Argp Global Variables}.
@comment argp.h
@comment GNU
@deftypefun void argp_error (const struct argp_state *@var{state}, const char *@var{fmt}, @dots{})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Lock stream, vasprintf the formatted message into a buffer, print the
+@c buffer prefixed by the short program name (in libc,
+@c argp_short_program_name is a macro that expands to
+@c program_invocation_short_name), releases the buffer, then call
+@c argp_state_help with stream and ARGP_HELP_STD_ERR, unlocking the
+@c stream at the end.
Prints the printf format string @var{fmt} and following args, preceded
by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
--help}} message, and terminates the program with an exit status of
@@ -679,6 +717,12 @@ by the program name and @samp{:}, and followed by a @w{@samp{Try @dots{}
@comment argp.h
@comment GNU
@deftypefun void argp_failure (const struct argp_state *@var{state}, int @var{status}, int @var{errnum}, const char *@var{fmt}, @dots{})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc}@acunsafe{lockleak, incansist, memleak}}
+@c Lock stream, write out the short program name, vasprintf the optional
+@c formatted message to a buffer, print the buffer prefixed by colon and
+@c blank, release the buffer, call strerror_r with an automatic buffer,
+@c print it out after colon and blank, put[w]c a line break, unlock the
+@c stream, then exit unless ARGP_NO_EXIT.
Similar to the standard gnu error-reporting function @code{error}, this
prints the program name and @samp{:}, the printf format string
@var{fmt}, and the appropriate following args. If it is non-zero, the
@@ -695,6 +739,141 @@ for options, bad phase of the moon, etc.
@comment argp.h
@comment GNU
@deftypefun void argp_state_help (const struct argp_state *@var{state}, FILE *@var{stream}, unsigned @var{flags})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help with the short program name and optionally exit.
+@c The main problems in _help, besides the usual issues with stream I/O
+@c and translation, are the use of a static buffer (uparams) that makes
+@c the whole thing thread-unsafe, reading from the environment for
+@c ARGP_HELP_FMT, accessing the locale object multiple times.
+
+@c _help envromt, staticbuf (uparams), glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c flockfile lockleak
+@c funlockfile lockleak
+@c fill_in_uparams envromt, staticbuf (uparams), glocale, asynconsist, asmalloc, lockleak, incansist, memleak
+@c argp_failure dup (status = errnum = 0)
+@c atoi dup
+@c argp_hol asmalloc, memleak
+@c make_hol asmalloc, memleak
+@c hol_add_cluster asmalloc, memleak
+@c hol_append asmalloc, memleak
+@c hol_set_group ok
+@c hol_find_entry ok
+@c hol_sort glocale, asmalloc, memleak
+@c qsort asmalloc, memleak
+@c hol_entry_qcmp glocale
+@c hol_entry_cmp glocale
+@c group_cmp ok
+@c hol_cluster_cmp ok
+@c group_cmp ok
+@c hol_entry_first_short glocale
+@c hol_entry_short_iterate [glocale]
+@c until_short ok
+@c oshort ok
+@c isprint ok
+@c odoc ok
+@c hol_entry_first_long ok
+@c canon_doc_option glocale
+@c tolower dup
+@c hol_usage glocale, asi18n, asmalloc, memleak
+@c hol_entry_short_iterate ok
+@c add_argless_short_opt ok
+@c argp_fmtstream_printf dup
+@c hol_entry_short_iterate glocale, asi18n, asmalloc, memleak
+@c usage_argful_short_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_entry_long_iterate glocale, asi18n, asmalloc, memleak
+@c usage_long_opt glocale, asi18n, asmalloc, memleak
+@c dgettext dup
+@c argp_fmtstream_printf dup
+@c hol_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c hol_entry_help glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_wmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c comma glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_putc dup
+@c hol_cluster_is_child ok
+@c argp_fmtstream_wmargin dup
+@c print_header dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c indent_to dup
+@c argp_fmtstream_putc dup
+@c arg glocale, asmalloc, memleak
+@c argp_fmtstream_printf dup
+@c odoc dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_printf dup
+@c print_header glocale, staticbuf (uparams), asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c indent_to dup
+@c argp_fmtstream_set_lmargin dup
+@c argp_fmtstream_set_wmargin dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c filter_doc dup
+@c argp_fmtstream_point dup
+@c indent_to glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_putc dup
+@c dgettext dup
+@c filter_doc dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_puts dup
+@c free dup
+@c hol_free asmalloc, memleak
+@c free dup
+@c argp_args_levels ok
+@c argp_args_usage glocale, asi18n, asmalloc, asynconsist, memleak, incansist, lockleak
+@c dgettext dup
+@c filter_doc ok
+@c argp_input ok
+@c argp->help_filter
+@c space glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_point dup
+@c argp_fmtstream_rmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_putc dup
+@c argp_fmtstream_write dup
+@c free dup
+@c argp_doc glocale, asmalloc, asi18n, asynconsist, memleak, incansist, lockleak
+@c dgettext asi18n
+@c strndup asmalloc, memleak
+@c argp_input dup
+@c argp->help_filter
+@c argp_fmtstream_putc glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure dup
+@c argp_fmtstream_write dup
+@c argp_fmtstream_puts dup
+@c argp_fmtstream_point glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_lmargin dup
+@c free dup
+@c argp_make_fmtstream asmalloc, memleak
+@c argp_fmtstream_free glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update glocale, asynconsist, incansist, lockleak
+@c put[w]c_unlocked dup
+@c isblank in loop glocale
+@c fxprintf lockleak
+@c fxprintf lockleak
+@c free dup
+@c argp_fmtstream_set_wmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_printf glocale, asmalloc, memleak
+@c argp_fmtstream_ensure dup
+@c vsnprintf dup
+@c argp_fmtstream_set_lmargin glocale, asynconsist, incansist, lockleak
+@c argp_fmtstream_update dup
+@c argp_fmtstream_puts glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_write glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_ensure glocale, asmalloc, asynconsist, memleak, incansist, lockleak
+@c argp_fmtstream_update dup
+@c fxprintf lockleak
+@c realloc asmalloc, memleak
Outputs a help message for the argp parser referred to by @var{state},
to @var{stream}. The @var{flags} argument determines what sort of help
message is produced. @xref{Argp Help Flags}.
@@ -928,6 +1107,8 @@ program options, argp offers the @code{argp_help} interface.
@comment argp.h
@comment GNU
@deftypefun void argp_help (const struct argp *@var{argp}, FILE *@var{stream}, unsigned @var{flags}, char *@var{name})
+@safety{@mtunsafe{staticbuf, envromt, glocale}@asunsafe{asmalloc, asi18n, asynconsist}@acunsafe{memleak, incansist, lockleak}}
+@c Just calls _help.
This outputs a help message for the argp parser @var{argp} to
@var{stream}. The type of messages printed will be determined by
@var{flags}.
diff --git a/manual/arith.texi b/manual/arith.texi
index 833e0c9..5c3aa9d 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -323,6 +323,7 @@ floating-point number a variable holds.
@comment math.h
@comment ISO
@deftypefn {Macro} int fpclassify (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is a generic macro which works on all floating-point types and
which returns a value of type @code{int}. The possible values are:
@@ -359,6 +360,7 @@ You should therefore use the specific macros whenever possible.
@comment math.h
@comment ISO
@deftypefn {Macro} int isfinite (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite: not plus or
minus infinity, and not NaN. It is equivalent to
@@ -373,6 +375,7 @@ floating-point type.
@comment math.h
@comment ISO
@deftypefn {Macro} int isnormal (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is finite and normalized.
It is equivalent to
@@ -384,6 +387,7 @@ It is equivalent to
@comment math.h
@comment ISO
@deftypefn {Macro} int isnan (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is NaN. It is equivalent
to
@@ -395,6 +399,7 @@ to
@comment math.h
@comment GNU
@deftypefn {Macro} int issignaling (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value if @var{x} is a signaling NaN
(sNaN). It is based on draft TS 18661 and currently enabled as a GNU
extension.
@@ -2443,6 +2448,32 @@ as well.
@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
@c mpn, but it's all safe.
+@c
+@c round_and_return
+@c get_rounding_mode ok
+@c mpn_add_1 ok
+@c mpn_rshift ok
+@c MPN_ZERO ok
+@c MPN2FLOAT -> mpn_construct_(float|double|long_double) ok
+@c str_to_mpn
+@c mpn_mul_1 -> umul_ppmm ok
+@c mpn_add_1 ok
+@c mpn_lshift_1 -> mpn_lshift ok
+@c STRTOF_INTERNAL
+@c MPN_VAR ok
+@c SET_MANTISSA ok
+@c STRNCASECMP ok, wide and narrow
+@c round_and_return ok
+@c mpn_mul ok
+@c mpn_addmul_1 ok
+@c ... mpn_sub
+@c mpn_lshift ok
+@c udiv_qrnnd ok
+@c count_leading_zeros ok
+@c add_ssaaaa ok
+@c sub_ddmmss ok
+@c umul_ppmm ok
+@c mpn_submul_1 ok
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
diff --git a/manual/charset.texi b/manual/charset.texi
index e21502e..7e6c416 100644
--- a/manual/charset.texi
+++ b/manual/charset.texi
@@ -504,6 +504,8 @@ sequence points. Communication protocols often require this.
@comment wchar.h
@comment ISO
@deftypefun int mbsinit (const mbstate_t *@var{ps})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c ps is dereferenced once, unguarded. Potential harmless data race.
The @code{mbsinit} function determines whether the state object pointed
to by @var{ps} is in the initial state. If @var{ps} is a null pointer or
the object is in the initial state the return value is nonzero. Otherwise
@@ -559,6 +561,14 @@ that is beyond the range @math{0} to @math{127}.
@comment wchar.h
@comment ISO
@deftypefun wint_t btowc (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls btowc_fct or __fct; reads from locale, and from the
+@c get_gconv_fcts result multiple times. get_gconv_fcts calls
+@c __wcsmbs_load_conv to initialize the ctype if it's null.
+@c wcsmbs_load_conv takes a non-recursive wrlock before allocating
+@c memory for the fcts structure, initializing it, and then storing it
+@c in the locale object. The initialization involves dlopening and a
+@c lot more.
The @code{btowc} function (``byte to wide character'') converts a valid
single byte character @var{c} in the initial shift state into the wide
character equivalent using the conversion rules from the currently
@@ -615,6 +625,7 @@ There is also a function for the conversion in the other direction.
@comment wchar.h
@comment ISO
@deftypefun int wctob (wint_t @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctob} function (``wide character to byte'') takes as the
parameter a valid wide character. If the multibyte representation for
this character in the initial state is exactly one byte long, the return
@@ -634,6 +645,7 @@ and they also do not require it to be in the initial state.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrtowc (wchar_t *restrict @var{pwc}, const char *restrict @var{s}, size_t @var{n}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
@cindex stateful
The @code{mbrtowc} function (``multibyte restartable to wide
character'') converts the next multibyte character in the string pointed
@@ -728,6 +740,7 @@ function that does part of the work.
@comment wchar.h
@comment ISO
@deftypefun size_t mbrlen (const char *restrict @var{s}, size_t @var{n}, mbstate_t *@var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbrlen} function (``multibyte restartable length'') computes
the number of at most @var{n} bytes starting at @var{s}, which form the
next valid and complete multibyte character.
@@ -811,6 +824,50 @@ doing the work twice.
@comment wchar.h
@comment ISO
@deftypefun size_t wcrtomb (char *restrict @var{s}, wchar_t @var{wc}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c wcrtomb uses a static, non-thread-local unguarded state variable when
+@c PS is NULL. When a state is passed in, and it's not used
+@c concurrently in other threads, this function behaves safely as long
+@c as gconv modules don't bring MT safety issues of their own.
+@c Attempting to load gconv modules or to build conversion chains in
+@c signal handlers may encounter gconv databases or caches in a
+@c partially-updated state, and asynchronous cancellation may leave them
+@c in such states, besides leaking the lock that guards them.
+@c get_gconv_fcts ok
+@c wcsmbs_load_conv ok
+@c norm_add_slashes ok
+@c wcsmbs_getfct ok
+@c gconv_find_transform ok
+@c gconv_read_conf (libc_once)
+@c gconv_lookup_cache ok
+@c find_module_idx ok
+@c find_module ok
+@c gconv_find_shlib (ok)
+@c ->init_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c do_lookup_alias ok
+@c find_derivation ok
+@c derivation_lookup ok
+@c increment_counter ok
+@c gconv_find_shlib ok
+@c step->init_fct (assumed ok)
+@c gen_steps ok
+@c gconv_find_shlib ok
+@c dlopen (presumed ok)
+@c dlsym (presumed ok)
+@c step->init_fct (assumed ok)
+@c step->end_fct (assumed ok)
+@c gconv_get_builtin_trans ok
+@c gconv_release_step ok
+@c add_derivation ok
+@c gconv_close_transform ok
+@c gconv_release_step ok
+@c step->end_fct (assumed ok)
+@c gconv_release_shlib ok
+@c dlclose (presumed ok)
+@c gconv_release_cache ok
+@c ->tomb->__fct (assumed ok)
The @code{wcrtomb} function (``wide character restartable to
multibyte'') converts a single wide character into a multibyte string
corresponding to that wide character.
@@ -955,6 +1012,7 @@ extensions that can help in some important situations.
@comment wchar.h
@comment ISO
@deftypefun size_t mbsrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsrtowcs} function (``multibyte string restartable to wide
character string'') converts an NUL-terminated multibyte character
string at @code{*@var{src}} into an equivalent wide character string,
@@ -1039,6 +1097,7 @@ length and passing this length to the function.
@comment wchar.h
@comment ISO
@deftypefun size_t wcsrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsrtombs} function (``wide character string restartable to
multibyte string'') converts the NUL-terminated wide character string at
@code{*@var{src}} into an equivalent multibyte character string and
@@ -1084,6 +1143,7 @@ array size (the @var{len} parameter).
@comment wchar.h
@comment GNU
@deftypefun size_t mbsnrtowcs (wchar_t *restrict @var{dst}, const char **restrict @var{src}, size_t @var{nmc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbsnrtowcs} function is very similar to the @code{mbsrtowcs}
function. All the parameters are the same except for @var{nmc}, which is
new. The return value is the same as for @code{mbsrtowcs}.
@@ -1136,6 +1196,7 @@ of the given buffer, there is no problem with altering the state.
@comment wchar.h
@comment GNU
@deftypefun size_t wcsnrtombs (char *restrict @var{dst}, const wchar_t **restrict @var{src}, size_t @var{nwc}, size_t @var{len}, mbstate_t *restrict @var{ps})
+@safety{@mtunsafe{staticbuf (if ps is null)}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcsnrtombs} function implements the conversion from wide
character strings to multibyte character strings. It is similar to
@code{wcsrtombs} but, just like @code{mbsnrtowcs}, it takes an extra
@@ -1280,6 +1341,7 @@ conversion functions.}
@comment stdlib.h
@comment ISO
@deftypefun int mbtowc (wchar_t *restrict @var{result}, const char *restrict @var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mbtowc} (``multibyte to wide character'') function when called
with non-null @var{string} converts the first multibyte character
beginning at @var{string} to its corresponding wide character code. It
@@ -1314,6 +1376,7 @@ shift state. @xref{Shift State}.
@comment stdlib.h
@comment ISO
@deftypefun int wctomb (char *@var{string}, wchar_t @var{wchar})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wctomb} (``wide character to multibyte'') function converts
the wide character code @var{wchar} to its corresponding multibyte
character sequence, and stores the result in bytes starting at
@@ -1353,6 +1416,7 @@ terms of @code{mbtowc}.
@comment stdlib.h
@comment ISO
@deftypefun int mblen (const char *@var{string}, size_t @var{size})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{mblen} function with a non-null @var{string} argument returns
the number of bytes that make up the multibyte character beginning at
@var{string}, never examining more than @var{size} bytes. (The idea is
@@ -1391,6 +1455,9 @@ suffer from the same problems as their reentrant counterparts from
@comment stdlib.h
@comment ISO
@deftypefun size_t mbstowcs (wchar_t *@var{wstring}, const char *@var{string}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Odd... Although this is in the non-reentrant section, the state
+@c object is automatic, not a static buffer.
The @code{mbstowcs} (``multibyte string to wide character string'')
function converts the null-terminated string of multibyte characters
@var{string} to an array of wide character codes, storing not more than
@@ -1431,6 +1498,7 @@ mbstowcs_alloc (const char *string)
@comment stdlib.h
@comment ISO
@deftypefun size_t wcstombs (char *@var{string}, const wchar_t *@var{wstring}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
The @code{wcstombs} (``wide character string to multibyte string'')
function converts the null-terminated wide character array @var{wstring}
into a string containing multibyte characters, storing not more than
@@ -1618,6 +1686,16 @@ The first step is the function to create a handle.
@comment iconv.h
@comment XPG2
@deftypefun iconv_t iconv_open (const char *@var{tocode}, const char *@var{fromcode})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, fdleak, shlimb}}
+@c Calls malloc if tocode and/or fromcode are too big for alloca. Calls
+@c strip and upstr on both, then gconv_open. strip and upstr call
+@c isalnum_l and toupper_l with the C locale. gconv_open may MT-safely
+@c tokenize toset, replace unspecified codesets with the current locale
+@c (posibly two different accesses), and finally it calls
+@c gconv_find_transform and initializes the gconv_t result with all the
+@c steps in the conversion sequence, running each one's initializer,
+@c destructing and releasing them all if anything fails.
+
The @code{iconv_open} function has to be used before starting a
conversion. The two parameters this function takes determine the
source and destination character set for the conversion, and if the
@@ -1682,6 +1760,12 @@ conversion is not needed anymore.
@comment iconv.h
@comment XPG2
@deftypefun int iconv_close (iconv_t @var{cd})
+@safety{@mtsafe{}@asunsafe{asynconsist, asmalloc, selfdeadlock, shlimb}@acunsafe{incansist, lockleak, memleak, shlimb}}
+@c Calls gconv_close to destruct and release each of the conversion
+@c steps, release the gconv_t object, then call gconv_close_transform.
+@c Access to the gconv_t object is not guarded, but calling iconv_close
+@c concurrently with any other use is undefined.
+
The @code{iconv_close} function frees all resources associated with the
handle @var{cd}, which must have been returned by a successful call to
the @code{iconv_open} function.
@@ -1708,6 +1792,10 @@ even file to file can be implemented on top of it.
@comment iconv.h
@comment XPG2
@deftypefun size_t iconv (iconv_t @var{cd}, char **@var{inbuf}, size_t *@var{inbytesleft}, char **@var{outbuf}, size_t *@var{outbytesleft})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c Without guarding access to the gconv_t object pointed to by cd, call
+@c the conversion function to convert inbuf or flush the internal
+@c conversion state.
@cindex stateful
The @code{iconv} function converts the text in the input buffer
according to the rules associated with the descriptor @var{cd} and
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..edbb2fd 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -288,6 +288,17 @@ constants are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} sysconf (int @var{parameter})
+@safety{@mtsafe{envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak, fdleak}}
+@c Some parts of the implementation open /proc and /sys files and dirs
+@c to collect system details, using fd and stream I/O depending on the
+@c case. _SC_TZNAME_MAX calls __tzname_max, that (while holding a lock)
+@c calls tzset_internal, that calls getenv if it's called the first
+@c time; there are free and strdup calls in there too. The returned max
+@c value may change over time for TZNAME_MAX, depending on selected
+@c timezones; NPROCS, NPROCS_CONF, PHYS_PAGES, AVPHYS_PAGES,
+@c NGROUPS_MAX, SIGQUEUE_MAX, depending on variable values read from
+@c /proc at each call, and from rlimit-obtained values CHILD_MAX,
+@c OPEN_MAX, ARG_MAX, SIGQUEUE_MAX.
This function is used to inquire about runtime system parameters. The
@var{parameter} argument should be one of the @samp{_SC_} symbols listed
below.
@@ -1342,6 +1353,11 @@ argument are declared in the header file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} pathconf (const char *@var{filename}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c When __statfs_link_max finds an ext* filesystem, it may read
+@c /proc/mounts or similar as a mntent stream.
+@c __statfs_chown_restricted may read from
+@c /proc/sys/fs/xfs/restrict_chown as a file descriptor.
This function is used to inquire about the limits that apply to
the file named @var{filename}.
@@ -1369,6 +1385,8 @@ support the @var{parameter} for the specific file.
@comment unistd.h
@comment POSIX.1
@deftypefun {long int} fpathconf (int @var{filedes}, int @var{parameter})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, fdleak, memleak}}
+@c Same caveats as pathconf.
This is just like @code{pathconf} except that an open file descriptor
is used to specify the file for which information is requested, instead
of a file name.
@@ -1615,6 +1633,7 @@ system with the function @code{confstr}:
@comment unistd.h
@comment POSIX.2
@deftypefun size_t confstr (int @var{parameter}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function reads the value of a string-valued system parameter,
storing the string into @var{len} bytes of memory space starting at
@var{buf}. The @var{parameter} argument should be one of the
diff --git a/manual/crypt.texi b/manual/crypt.texi
index ef90590..5c9f6f7 100644
--- a/manual/crypt.texi
+++ b/manual/crypt.texi
@@ -92,7 +92,13 @@ in a convenient way.
@comment unistd.h
@comment BSD
@deftypefun {char *} getpass (const char *@var{prompt})
-
+@safety{@mtunsafe{tempterm}@asunsafe{asmalloc, selfdeadlock, asynconsist}@acunsafe{tempterm, lockleak, incansist}}
+@c This function will attempt to create a stream for terminal I/O, but
+@c will fallback to stdio/stderr. It attempts to change the terminal
+@c mode in a thread-unsafe way, write out the prompt, read the password,
+@c then restore the terminal mode. It has a cleanup to close the stream
+@c in case of (synchronous) cancellation, but not to restore the
+@c terminal mode.
@code{getpass} outputs @var{prompt}, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
@file{/dev/tty}, if possible, to encourage users not to put plaintext
@@ -127,6 +133,13 @@ The substitute takes the same parameters as @code{getline}
@comment crypt.h
@comment BSD, SVID
@deftypefun {char *} crypt (const char *@var{key}, const char *@var{salt})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Besides the obvious problem of returning a pointer into static
+@c storage, the DES initializer takes an internal lock with the usual
+@c set of problems for AS- and AC-Safety. The FIPS mode checker and the
+@c NSS implementations of may leak file descriptors if canceled. The
+@c The MD5, SHA256 and SHA512 implementations will malloc on long keys,
+@c and NSS relies on dlopening, which brings about another can of worms.
The @code{crypt} function takes a password, @var{key}, as a string, and
a @var{salt} character array which is described below, and returns a
@@ -188,6 +201,9 @@ for a password and prints ``Access granted.'' if the user types
@comment crypt.h
@comment GNU
@deftypefun {char *} crypt_r (const char *@var{key}, const char *@var{salt}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock, asmalloc, shlimb}@acunsafe{lockleak, memleak, shlimb}}
+@c Compared with crypt, this function fixes the staticbuf problem, but
+@c nothing else.
The @code{crypt_r} function does the same thing as @code{crypt}, but
takes an extra parameter which includes space for its result (among
@@ -233,6 +249,11 @@ specifies the unused bits.
@comment crypt.h
@comment BSD, SVID
@deftypefun void setkey (const char *@var{key})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c The static buffer stores the key, making it fundamentally
+@c thread-unsafe. The locking issues are only in the initialization
+@c path; cancelling the initialization will leave the lock held, it
+@c would otherwise repeat the initialization on the next call.
The @code{setkey} function sets an internal data structure to be an
expanded form of @var{key}. @var{key} is specified as an array of 64
@@ -244,6 +265,8 @@ parity.
@comment crypt.h
@comment BSD, SVID
@deftypefun void encrypt (char *@var{block}, int @var{edflag})
+@safety{@mtunsafe{staticbuf}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
+@c Same issues as setkey.
The @code{encrypt} function encrypts @var{block} if
@var{edflag} is 0, otherwise it decrypts @var{block}, using a key
@@ -257,9 +280,11 @@ stored in a @code{char}, but there are no parity bits in @var{block}.
@comment crypt.h
@comment GNU
@deftypefun void setkey_r (const char *@var{key}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
@comment crypt.h
@comment GNU
@deftypefunx void encrypt_r (char *@var{block}, int @var{edflag}, {struct crypt_data *} @var{data})
+@safety{@mtsafe{}@asunsafe{asynconsist, selfdeadlock}@acunsafe{lockleak}}
These are reentrant versions of @code{setkey} and @code{encrypt}. The
only difference is the extra parameter, which stores the expanded
@@ -274,6 +299,7 @@ defined in @file{crypt.h}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int ecb_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{ecb_crypt} encrypts or decrypts one or more blocks
using DES. Each block is encrypted independently.
@@ -355,6 +381,7 @@ This macro returns 1 if @var{err} is a `success' result code from
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun int cbc_crypt (char *@var{key}, char *@var{blocks}, unsigned @var{len}, unsigned @var{mode}, char *@var{ivec})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{cbc_crypt} encrypts or decrypts one or more blocks
using DES in Cipher Block Chaining mode.
@@ -381,6 +408,7 @@ Otherwise, all the parameters are similar to those for @code{ecb_crypt}.
@comment rpc/des_crypt.h
@comment SUNRPC
@deftypefun void des_setparity (char *@var{key})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{des_setparity} changes the 64-bit @var{key}, stored
packed in 8-bit bytes, to have odd parity by altering the low bits of
diff --git a/manual/ctype.texi b/manual/ctype.texi
index f05d509..ddf38ce 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -66,6 +66,13 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int islower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The is* macros call __ctype_b_loc to get the ctype array from the
+@c current locale, and then index it by c. __ctype_b_loc reads from
+@c thread-local memory the (indirect) pointer to the ctype array, which
+@c may involve one word access to the global locale object, if that's
+@c the active locale for the thread, and the array, being part of the
+@c locale data, is undeletable, so there's no thread-safety issue.
Returns true if @var{c} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -74,6 +81,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@end deftypefun
@@ -82,6 +90,7 @@ from the Latin alphabet, any alphabet representable is valid.
@comment ctype.h
@comment ISO
@deftypefun int isalpha (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphabetic character (a letter). If
@code{islower} or @code{isupper} is true of a character, then
@code{isalpha} is also true.
@@ -97,6 +106,7 @@ additional characters.
@comment ctype.h
@comment ISO
@deftypefun int isdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@end deftypefun
@@ -104,6 +114,7 @@ Returns true if @var{c} is a decimal digit (@samp{0} through @samp{9}).
@comment ctype.h
@comment ISO
@deftypefun int isalnum (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is an alphanumeric character (a letter or
number); in other words, if either @code{isalpha} or @code{isdigit} is
true of a character, then @code{isalnum} is also true.
@@ -113,6 +124,7 @@ true of a character, then @code{isalnum} is also true.
@comment ctype.h
@comment ISO
@deftypefun int isxdigit (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -123,6 +135,7 @@ Hexadecimal digits include the normal decimal digits @samp{0} through
@comment ctype.h
@comment ISO
@deftypefun int ispunct (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -132,6 +145,7 @@ character.
@comment ctype.h
@comment ISO
@deftypefun int isspace (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{isspace} returns true for only the standard
whitespace characters:
@@ -161,6 +175,7 @@ vertical tab
@comment ctype.h
@comment ISO
@deftypefun int isblank (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
@end deftypefun
@@ -169,6 +184,7 @@ This function was originally a GNU extension, but was added in @w{ISO C99}.
@comment ctype.h
@comment ISO
@deftypefun int isgraph (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -178,6 +194,7 @@ considered graphic.
@comment ctype.h
@comment ISO
@deftypefun int isprint (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@end deftypefun
@@ -186,6 +203,7 @@ include all the graphic characters, plus the space (@samp{ }) character.
@comment ctype.h
@comment ISO
@deftypefun int iscntrl (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a control character (that is, a character that
is not a printing character).
@end deftypefun
@@ -194,6 +212,7 @@ is not a printing character).
@comment ctype.h
@comment SVID, BSD
@deftypefun int isascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Returns true if @var{c} is a 7-bit @code{unsigned char} value that fits
into the US/UK ASCII character set. This function is a BSD extension
and is also an SVID extension.
@@ -227,6 +246,10 @@ These functions are declared in the header file @file{ctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The to* macros/functions call different functions that use different
+@c arrays than those of__ctype_b_loc, but the access patterns and
+@c thus safety guarantees are the same.
If @var{c} is an upper-case letter, @code{tolower} returns the corresponding
lower-case letter. If @var{c} is not an upper-case letter,
@var{c} is returned unchanged.
@@ -235,6 +258,7 @@ lower-case letter. If @var{c} is not an upper-case letter,
@comment ctype.h
@comment ISO
@deftypefun int toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If @var{c} is a lower-case letter, @code{toupper} returns the corresponding
upper-case letter. Otherwise @var{c} is returned unchanged.
@end deftypefun
@@ -242,6 +266,7 @@ upper-case letter. Otherwise @var{c} is returned unchanged.
@comment ctype.h
@comment SVID, BSD
@deftypefun int toascii (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function converts @var{c} to a 7-bit @code{unsigned char} value
that fits into the US/UK ASCII character set, by clearing the high-order
bits. This function is a BSD extension and is also an SVID extension.
@@ -250,6 +275,7 @@ bits. This function is a BSD extension and is also an SVID extension.
@comment ctype.h
@comment SVID
@deftypefun int _tolower (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{tolower}, and is provided for compatibility
with the SVID. @xref{SVID}.@refill
@end deftypefun
@@ -257,6 +283,7 @@ with the SVID. @xref{SVID}.@refill
@comment ctype.h
@comment SVID
@deftypefun int _toupper (int @var{c})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is identical to @code{toupper}, and is provided for compatibility
with the SVID.
@end deftypefun
@@ -303,6 +330,15 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctype_t wctype (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Although the source code of wctype contains multiple references to
+@c the locale, that could each reference different locale_data objects
+@c should the global locale object change while active, the compiler can
+@c and does combine them all into a single dereference that resolves
+@c once to the LCTYPE locale object used throughout the function, so it
+@c is safe in practice, if not in theory. Ideally we'd explicitly save
+@c the resolved locale_data object to make it visibly safe instead of
+@c safe only under compiler optimizations.
The @code{wctype} returns a value representing a class of wide
characters which is identified by the string @var{property}. Beside
some standard properties each locale can define its own ones. In case
@@ -331,6 +367,8 @@ the @w{ISO C} standard defines a completely new function.
@comment wctype.h
@comment ISO
@deftypefun int iswctype (wint_t @var{wc}, wctype_t @var{desc})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The compressed lookup table returned by wctype is read-only.
This function returns a nonzero value if @var{wc} is in the character
class specified by @var{desc}. @var{desc} must previously be returned
by a successful call to @code{wctype}.
@@ -350,6 +388,15 @@ standard classes.
@comment wctype.h
@comment ISO
@deftypefun int iswalnum (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c The implicit wctype call in the isw* functions is actually an
+@c optimized version because the category has a known offset, but the
+@c wctype is equally safe when optimized, unsafe if not optimized.
+@c Since it's not a macro, and we always optimize, it's fine. The test
+@c whether wc is ASCII to use the non-wide is* macro/funciton doesn't
+@c bring any other safety issues: the test does not depend on the
+@c locale, and each path after the decision resolves the locale object
+@c only once.
This function returns a nonzero value if @var{wc} is an alphanumeric
character (a letter or number); in other words, if either @code{iswalpha}
or @code{iswdigit} is true of a character, then @code{iswalnum} is also
@@ -370,6 +417,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswalpha (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an alphabetic character (a letter). If
@code{iswlower} or @code{iswupper} is true of a character, then
@code{iswalpha} is also true.
@@ -394,6 +442,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswcntrl (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a control character (that is, a character that
is not a printing character).
@@ -412,6 +461,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a digit (e.g., @samp{0} through @samp{9}).
Please note that this function does not only return a nonzero value for
@emph{decimal} digits, but for all kinds of digits. A consequence is
@@ -442,6 +492,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswgraph (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a graphic character; that is, a character
that has a glyph associated with it. The whitespace characters are not
considered graphic.
@@ -461,6 +512,7 @@ It is declared in @file{wctype.h}.
@comment ctype.h
@comment ISO
@deftypefun int iswlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a lower-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -479,6 +531,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswprint (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a printing character. Printing characters
include all the graphic characters, plus the space (@samp{ }) character.
@@ -497,6 +550,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswpunct (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a punctuation character.
This means any printing character that is not alphanumeric or a space
character.
@@ -516,6 +570,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswspace (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a @dfn{whitespace} character. In the standard
@code{"C"} locale, @code{iswspace} returns true for only the standard
whitespace characters:
@@ -555,6 +610,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is an upper-case letter. The letter need not be
from the Latin alphabet, any alphabet representable is valid.
@@ -573,6 +629,7 @@ It is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun int iswxdigit (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a hexadecimal digit.
Hexadecimal digits include the normal decimal digits @samp{0} through
@samp{9} and the letters @samp{A} through @samp{F} and
@@ -597,6 +654,7 @@ characters as well.
@comment wctype.h
@comment ISO
@deftypefun int iswblank (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
Returns true if @var{wc} is a blank character; that is, a space or a tab.
This function was originally a GNU extension, but was added in @w{ISO C99}.
It is declared in @file{wchar.h}.
@@ -691,7 +749,8 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Similar implementation, same caveats as wctype.
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -714,7 +773,8 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
-@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Same caveats as iswctype.
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
@@ -732,6 +792,9 @@ for them.
@comment wctype.h
@comment ISO
@deftypefun wint_t towlower (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
+@c Same caveats as iswalnum, just using a wctrans rather than a wctype
+@c table.
If @var{wc} is an upper-case letter, @code{towlower} returns the corresponding
lower-case letter. If @var{wc} is not an upper-case letter,
@var{wc} is returned unchanged.
@@ -751,6 +814,7 @@ This function is declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towupper (wint_t @var{wc})
+@safety{@mtsafe{glocale}@assafe{}@acsafe{}}
If @var{wc} is a lower-case letter, @code{towupper} returns the corresponding
upper-case letter. Otherwise @var{wc} is returned unchanged.
diff --git a/manual/debug.texi b/manual/debug.texi
index 1db9c18..ce0c263 100644
--- a/manual/debug.texi
+++ b/manual/debug.texi
@@ -36,6 +36,8 @@ and manipulate backtraces of the current thread.
@comment execinfo.h
@comment GNU
@deftypefun int backtrace (void **@var{buffer}, int @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Pointer chasing within the local stack.
The @code{backtrace} function obtains a backtrace for the current
thread, as a list of pointers, and places the information into
@var{buffer}. The argument @var{size} should be the number of
@@ -56,6 +58,17 @@ interpreting the stack contents correctly.
@comment execinfo.h
@comment GNU
@deftypefun {char **} backtrace_symbols (void *const *@var{buffer}, int @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, lockleak}}
+@c Collects info returned by _dl_addr in auto array, allocates memory
+@c for the whole return buffer with malloc then sprintfs into it storing
+@c pointers to the strings into the array entries in the buffer.
+@c _dl_addr takes the recursive dl_load_lock then calls
+@c _dl_find_dso_for_object and determine_info.
+@c _dl_find_dso_for_object calls _dl-addr_inside_object.
+@c All of them are safe as long as the lock is held.
+@c asynconsist? It doesn't looke like the dynamic loader's data
+@c structures could be in an inconsistent state that would cause
+@c malfunction here.
The @code{backtrace_symbols} function translates the information
obtained from the @code{backtrace} function into an array of strings.
The argument @var{buffer} should be a pointer to an array of addresses
@@ -88,6 +101,11 @@ cannot be obtained.
@comment execinfo.h
@comment GNU
@deftypefun void backtrace_symbols_fd (void *const *@var{buffer}, int @var{size}, int @var{fd})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c Single loop of _dl_addr over addresses, collecting info into an iovec
+@c written out with a writev call per iteration. Addresses and offsets
+@c are converted to hex in auto buffers, so the only potential issue
+@c here is leaking the dl lock in case of cancellation.
The @code{backtrace_symbols_fd} function performs the same translation
as the function @code{backtrace_symbols} function. Instead of returning
the strings to the caller, it writes the strings to the file descriptor
diff --git a/manual/errno.texi b/manual/errno.texi
index 6c9fa86..eb3f412 100644
--- a/manual/errno.texi
+++ b/manual/errno.texi
@@ -1293,6 +1293,9 @@ name of the program that encountered the error.
@comment string.h
@comment ISO
@deftypefun {char *} strerror (int @var{errnum})
+@safety{@mtunsafe{staticbuf}@asunsafe{staticbuf, asmalloc, asi18n}@acsafe{memleak}}
+@c Calls strerror_r with a static buffer allocated with malloc on the
+@c first use.
The @code{strerror} function maps the error code (@pxref{Checking for
Errors}) specified by the @var{errnum} argument to a descriptive error
message string. The return value is a pointer to this string.
@@ -1310,6 +1313,7 @@ The function @code{strerror} is declared in @file{string.h}.
@comment string.h
@comment GNU
@deftypefun {char *} strerror_r (int @var{errnum}, char *@var{buf}, size_t @var{n})
+@safety{@mtsafe{}@asunsafe{asi18n}@acsafe{}}
The @code{strerror_r} function works like @code{strerror} but instead of
returning the error message in a statically allocated buffer shared by
all threads in the process, it returns a private copy for the
@@ -1331,6 +1335,10 @@ This function @code{strerror_r} is a GNU extension and it is declared in
@comment stdio.h
@comment ISO
@deftypefun void perror (const char *@var{message})
+@safety{@mtsafe{xguargs}@asunsafe{asynconsist, asi18n, asmalloc, selfdeadlock}@acunsafe{incansist, lockleak, memleak, fdleak}}
+@c Besides strerror_r's and some of fprintf's issues, if stderr is not
+@c oriented yet, create a new stream with a dup of stderr's fd and write
+@c to that instead of stderr, to avoid orienting it.
This function prints an error message to the stream @code{stderr};
see @ref{Standard Streams}. The orientation of @code{stderr} is not
changed.
@@ -1442,6 +1450,13 @@ These functions are declared in @file{error.h}.
@comment error.h
@comment GNU
@deftypefun void error (int @var{status}, int @var{errnum}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acsafe{}}
+@c Cancellation is disabled throught the execution. It flushes stdout
+@c and then holds a lock on stderr while printing the program name and
+@c then running error_tail. The non-wide case just runs vfprintf; the
+@c wide case converts the message to an alloca/malloc-allocated buffer
+@c with mbsrtowcs, then prints it with vfwprintf. Afterwards,
+@c print_errno_message calls strerror_r and fxprintf.
The @code{error} function can be used to report general problems during
program execution. The @var{format} argument is a format string just
like those given to the @code{printf} family of functions. The
@@ -1477,6 +1492,15 @@ incremented by one to keep track of the number of errors reported.
@comment error.h
@comment GNU
@deftypefun void error_at_line (int @var{status}, int @var{errnum}, const char *@var{fname}, unsigned int @var{lineno}, const char *@var{format}, @dots{})
+@safety{@mtunsafe{staticbuf, glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist}}
+@c The error_one_per_line variable is accessed (without any form of
+@c synchronization, but since it's an int used once, it should be safe
+@c enough) and, if this mode is enabled, static variables used to hold
+@c the last printed file name and line number are accessed and modified
+@c without synchronization; the update is not atomic and it occurs
+@c before disabling cancellation, so it can be interrupted after only
+@c one of the two variables is modified. After that, it's very much
+@c like error.
The @code{error_at_line} function is very similar to the @code{error}
function. The only difference are the additional parameters @var{fname}
@@ -1582,6 +1606,8 @@ are included only for compatibility.
@comment err.h
@comment BSD
@deftypefun void warn (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Just calls vwarn with the va_list.
The @code{warn} function is roughly equivalent to a call like
@smallexample
error (0, errno, format, @r{the parameters})
@@ -1594,6 +1620,11 @@ are not used.
@comment err.h
@comment BSD
@deftypefun void vwarn (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c While holding stderr's recursive lock, it prints the programname, the
+@c given message, and the error string with fw?printf's %m. When the
+@c stream is wide, convert_and_print converts the format string to an
+@c alloca/malloc-created buffer using mbsrtowcs and then calls fwprintf.
The @code{vwarn} function is just like @code{warn} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1602,6 +1633,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void warnx (const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn, but without the strerror translation issues.
The @code{warnx} function is roughly equivalent to a call like
@smallexample
error (0, 0, format, @r{the parameters})
@@ -1615,6 +1648,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void vwarnx (const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn, but without the strerror translation issues.
The @code{vwarnx} function is just like @code{warnx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1623,6 +1658,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void err (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warn followed by exit.
The @code{err} function is roughly equivalent to a call like
@smallexample
error (status, errno, format, @r{the parameters})
@@ -1635,6 +1672,8 @@ are not used and that the program is exited even if @var{status} is zero.
@comment err.h
@comment BSD
@deftypefun void verr (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc, asi18n}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarn followed by exit.
The @code{verr} function is just like @code{err} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
@@ -1643,6 +1682,8 @@ in as an value of type @code{va_list}.
@comment err.h
@comment BSD
@deftypefun void errx (int @var{status}, const char *@var{format}, @dots{})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as warnx followed by exit.
The @code{errx} function is roughly equivalent to a call like
@smallexample
error (status, 0, format, @r{the parameters})
@@ -1657,6 +1698,8 @@ string is printed.
@comment err.h
@comment BSD
@deftypefun void verrx (int @var{status}, const char *@var{format}, va_list @var{ap})
+@safety{@mtsafe{glocale}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, lockleak, memleak}}
+@c Same as vwarnx followed by exit.
The @code{verrx} function is just like @code{errx} except that the
parameters for the handling of the format string @var{format} are passed
in as an value of type @code{va_list}.
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..2244025 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -58,6 +58,25 @@ Prototypes for these functions are declared in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun {char *} getcwd (char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c If buffer is NULL, this function calls malloc and realloc, and, in
+@c case of error, free. Linux offers a getcwd syscall that we use on
+@c GNU/Linux systems, but it may fail if the pathname is too long. As a
+@c fallback, and on other systems, the generic implementation opens each
+@c parent directory with opendir, which allocates memory for the
+@c directory stream with malloc. If a fstatat64 syscall is not
+@c available, very deep directory trees may also have to malloc to build
+@c longer sequences of ../../../... than those supported by a global
+@c const read-only string.
+
+@c linux/__getcwd
+@c posix/__getcwd
+@c malloc/realloc/free if buffer is NULL, or if dir is too deep
+@c lstat64 -> see its own entry
+@c fstatat64
+@c direct syscall if possible, alloca+snprintf+*stat64 otherwise
+@c openat64_not_cancel_3, close_not_cancel_no_status
+@c __fdopendir, __opendir, __readdir, rewinddir
The @code{getcwd} function returns an absolute file name representing
the current working directory, storing it in the character array
@var{buffer} that you provide. The @var{size} argument is how you tell
@@ -116,6 +135,9 @@ software.
@comment unistd.h
@comment BSD
@deftypefn {Deprecated Function} {char *} getwd (char *@var{buffer})
+@safety{@mtsafe{}@asunsafe{asmalloc, asi18n}@acsafe{memleak, fdleak}}
+@c Besides the getcwd safety issues, it calls strerror_r on error, which
+@c brings in all of the i18n issues.
This is similar to @code{getcwd}, but has no way to specify the size of
the buffer. @Theglibc{} provides @code{getwd} only
for backwards compatibility with BSD.
@@ -130,6 +152,9 @@ this function is deprecated.
@comment unistd.h
@comment GNU
@deftypefun {char *} get_current_dir_name (void)
+@safety{@mtunsafe{envromt}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides getcwd, which this function calls as a fallback, it calls
+@c getenv, with the usual thread-safety issues that brings about.
@vindex PWD
This @code{get_current_dir_name} function is basically equivalent to
@w{@code{getcwd (NULL, 0)}}. The only difference is that the value of
@@ -145,6 +170,7 @@ This function is a GNU extension.
@comment unistd.h
@comment POSIX.1
@deftypefun int chdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
@var{filename}.
@@ -158,6 +184,7 @@ file @var{filename} is not a directory.
@comment unistd.h
@comment XPG
@deftypefun int fchdir (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is used to set the process's working directory to
directory associated with the file descriptor @var{filedes}.
@@ -294,12 +321,14 @@ values and @code{st_mode} values:
@comment dirent.h
@comment BSD
@deftypefun int IFTODT (mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{d_type} value corresponding to @var{mode}.
@end deftypefun
@comment dirent.h
@comment BSD
@deftypefun mode_t DTTOIF (int @var{dtype})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This returns the @code{st_mode} value corresponding to @var{dtype}.
@end deftypefun
@end table
@@ -342,6 +371,9 @@ the following functions.
@comment dirent.h
@comment POSIX.1
@deftypefun {DIR *} opendir (const char *@var{dirname})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Besides the safe syscall, we have to allocate the DIR object with
+@c __alloc_dir, that calls malloc.
The @code{opendir} function opens and returns a directory stream for
reading the directory whose file name is @var{dirname}. The stream has
type @code{DIR *}.
@@ -381,6 +413,8 @@ alternative interface can be used.
@comment dirent.h
@comment GNU
@deftypefun {DIR *} fdopendir (int @var{fd})
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c The DIR object is allocated with __alloc_dir, that calls malloc.
The @code{fdopendir} function works just like @code{opendir} but
instead of taking a file name and opening a file descriptor for the
directory the caller is required to provide a file descriptor. This
@@ -425,6 +459,7 @@ access.
@comment dirent.h
@comment GNU
@deftypefun int dirfd (DIR *@var{dirstream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The function @code{dirfd} returns the file descriptor associated with
the directory stream @var{dirstream}. This descriptor can be used until
the directory is closed with @code{closedir}. If the directory stream
@@ -443,6 +478,12 @@ symbols are declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c This function holds dirstream's non-recursive lock, which brings
+@c about the usual issues with locks and async signals and cancellation,
+@c but the lock taking is not enough to make the returned value safe to
+@c use, since it points to a stream's internal buffer that can be
+@c overwritten by subsequent calls or even released by closedir.
This function reads the next entry from the directory. It normally
returns a pointer to a structure containing information about the file.
This structure is statically allocated and can be rewritten by a
@@ -469,6 +510,7 @@ value. Use @code{readdir_r} when this is critical.
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is the reentrant version of @code{readdir}. Like
@code{readdir} it returns the next entry from the directory. But to
prevent conflicts between simultaneously running threads the result is
@@ -516,6 +558,7 @@ of the last two functions.
@comment dirent.h
@comment LFS
@deftypefun {struct dirent64 *} readdir64 (DIR *@var{dirstream})
+@safety{@mtunsafe{staticbuf}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64} function is just like the @code{readdir} function
except that it returns a pointer to a record of type @code{struct
dirent64}. Some of the members of this data type (notably @code{d_ino})
@@ -527,6 +570,7 @@ In all other aspects this function is equivalent to @code{readdir}.
@comment dirent.h
@comment LFS
@deftypefun int readdir64_r (DIR *@var{dirstream}, struct dirent64 *@var{entry}, struct dirent64 **@var{result})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{readdir64_r} function is equivalent to the @code{readdir_r}
function except that it takes parameters of base type @code{struct
dirent64} instead of @code{struct dirent} in the second and third
@@ -537,6 +581,10 @@ position. The same precautions mentioned in the documentation of
@comment dirent.h
@comment POSIX.1
@deftypefun int closedir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock (hurd)}@acsafe{memleak, fdleak, lockleak (hurd)}}
+@c No synchronization in the posix implementation, only in the hurd
+@c one. This is regarded as safe because it is undefined behavior if
+@c other threads could still be using the dir stream while it's closed.
This function closes the directory stream @var{dirstream}. It returns
@code{0} on success and @code{-1} on failure.
@@ -576,6 +624,7 @@ declared in the header file @file{dirent.h}.
@comment dirent.h
@comment POSIX.1
@deftypefun void rewinddir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
The @code{rewinddir} function is used to reinitialize the directory
stream @var{dirstream}, so that if you call @code{readdir} it
returns information about the first entry in the directory again. This
@@ -589,6 +638,10 @@ added or removed since you last called @code{opendir} or
@comment dirent.h
@comment BSD
@deftypefun {long int} telldir (DIR *@var{dirstream})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{telldir} function returns the file position of the directory
stream @var{dirstream}. You can use this value with @code{seekdir} to
restore the directory stream to that position.
@@ -597,6 +650,10 @@ restore the directory stream to that position.
@comment dirent.h
@comment BSD
@deftypefun void seekdir (DIR *@var{dirstream}, long int @var{pos})
+@safety{@mtsafe{}@asunsafe{asmalloc (bsd), selfdeadlock (bsd)}@acunsafe{memleak (bsd), lockleak (bsd)}}
+@c The implementation is safe on most platforms, but on BSD it uses
+@c cookies, buckets and records, and the global array of pointers to
+@c dynamically allocated records is guarded by a non-recursive lock.
The @code{seekdir} function sets the file position of the directory
stream @var{dirstream} to @var{pos}. The value @var{pos} must be the
result of a previous call to @code{telldir} on this particular stream;
@@ -616,6 +673,19 @@ the result.
@comment dirent.h
@comment BSD/SVID
@deftypefun int scandir (const char *@var{dir}, struct dirent ***@var{namelist}, int (*@var{selector}) (const struct dirent *), int (*@var{cmp}) (const struct dirent **, const struct dirent **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c The scandir function calls __opendirat, __readdir, and __closedir to
+@c go over the named dir; malloc and realloc to allocate the namelist
+@c and copies of each selected dirent, besides the selector, if given,
+@c and qsort and the cmp functions if the latter is given. In spite of
+@c the cleanup handler that releases memory and the file descriptor in
+@c case of synchronous cancellation, an asynchronous cancellation may
+@c still leak memory and a file descriptor. Although readdir is unsafe
+@c in general, the use of an internal dir stream for sequential scanning
+@c of the directory with copying of dirents before subsequent calls
+@c makes the use safe, and the fact that the dir stream is private to
+@c each scandir call does away with the lock issues in readdir and
+@c closedir.
The @code{scandir} function scans the contents of the directory selected
by @var{dir}. The result in *@var{namelist} is an array of pointers to
@@ -646,6 +716,8 @@ are very helpful for this purpose.
@comment dirent.h
@comment BSD/SVID
@deftypefun int alphasort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Calls strcoll.
The @code{alphasort} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -658,6 +730,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls strverscmp.
The @code{versionsort} function is like @code{alphasort} except that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -670,6 +744,8 @@ dirent64}}. To use this we need a new function.
@comment dirent.h
@comment GNU
@deftypefun int scandir64 (const char *@var{dir}, struct dirent64 ***@var{namelist}, int (*@var{selector}) (const struct dirent64 *), int (*@var{cmp}) (const struct dirent64 **, const struct dirent64 **))
+@safety{@mtsafe{}@asunsafe{asmalloc}@acunsafe{memleak, fdleak}}
+@c See scandir.
The @code{scandir64} function works like the @code{scandir} function
except that the directory entries it returns are described by elements
of type @w{@code{struct dirent64}}. The function pointed to by
@@ -688,6 +764,8 @@ argument. Instead we provide the two replacement functions below.
@comment dirent.h
@comment GNU
@deftypefun int alphasort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c See alphasort.
The @code{alphasort64} function behaves like the @code{strcoll} function
(@pxref{String/Array Comparison}). The difference is that the arguments
are not string pointers but instead they are of type
@@ -700,6 +778,8 @@ than zero depending on the order of the two entries @var{a} and @var{b}.
@comment dirent.h
@comment GNU
@deftypefun int versionsort64 (const void *@var{a}, const void *@var{b})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c See versionsort.
The @code{versionsort64} function is like @code{alphasort64}, excepted that it
uses the @code{strverscmp} function internally.
@end deftypefun
@@ -880,6 +960,8 @@ file was passed).
@comment ftw.h
@comment SVID
@deftypefun int ftw (const char *@var{filename}, __ftw_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
+@c see nftw for safety details
The @code{ftw} function calls the callback function given in the
parameter @var{func} for every item which is found in the directory
specified by @var{filename} and all directories below. The function
@@ -930,6 +1012,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int ftw64 (const char *@var{filename}, __ftw64_func_t @var{func}, int @var{descriptors})
+@safety{@mtsafe{xguargs}, @asunsafe{asmalloc}, @acsafe{memleak, fdleak}}
This function is similar to @code{ftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -943,6 +1026,17 @@ transparently replaces the old implementation.
@comment ftw.h
@comment XPG4.2
@deftypefun int nftw (const char *@var{filename}, __nftw_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c ftw_startup calls alloca, malloc, free, xstat/lxstat, tdestroy, and ftw_dir
+@c if FTW_CHDIR, call open, and fchdir, or chdir and getcwd
+@c ftw_dir calls open_dir_stream, readdir64, process_entry, closedir
+@c if FTW_CHDIR, also calls fchdir
+@c open_dir_stream calls malloc, realloc, readdir64, free, closedir,
+@c then openat64_not_cancel_3 and fdopendir or opendir, then dirfd.
+@c process_entry may cal realloc, fxstatat/lxstat/xstat, ftw_dir, and
+@c find_object (tsearch) and add_object (tfind).
+@c Since each invocation of *ftw uses its own private search tree, none
+@c of the search tree concurrency issues apply.
The @code{nftw} function works like the @code{ftw} functions. They call
the callback function @var{func} for all items found in the directory
@var{filename} and below. At most @var{descriptors} file descriptors
@@ -1003,6 +1097,7 @@ interface transparently replaces the old interface.
@comment ftw.h
@comment Unix98
@deftypefun int nftw64 (const char *@var{filename}, __nftw64_func_t @var{func}, int @var{descriptors}, int @var{flag})
+@safety{@mtsafe{xguargs, tempchwd}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
This function is similar to @code{nftw} but it can work on filesystems
with large files. File information is reported using a variable of type
@code{struct stat64} which is passed by reference to the callback
@@ -1046,6 +1141,7 @@ file @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int link (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{link} function makes a new link to the existing file named by
@var{oldname}, under the new name @var{newname}.
@@ -1153,6 +1249,7 @@ Prototypes for most of the functions listed in this section are in
@comment unistd.h
@comment BSD
@deftypefun int symlink (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{symlink} function makes a symbolic link to @var{oldname} named
@var{newname}.
@@ -1190,6 +1287,7 @@ exceeded.
@comment unistd.h
@comment BSD
@deftypefun ssize_t readlink (const char *@var{filename}, char *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{readlink} function gets the value of the symbolic link
@var{filename}. The file name that the link points to is copied into
@var{buffer}. This file name string is @emph{not} null-terminated;
@@ -1249,6 +1347,8 @@ names can refer to the same inode.
@comment stdlib.h
@comment GNU
@deftypefun {char *} canonicalize_file_name (const char *@var{name})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls realpath.
The @code{canonicalize_file_name} function returns the absolute name of
the file named by @var{name} which contains no @code{.}, @code{..}
@@ -1290,6 +1390,8 @@ where the result is placed in.
@comment stdlib.h
@comment XPG
@deftypefun {char *} realpath (const char *restrict @var{name}, char *restrict @var{resolved})
+@safety{@mtsafe{xguargs}@asunsafe{asmalloc}@acsafe{memleak, fdleak}}
+@c Calls malloc, realloc, getcwd, lxstat64, readlink, alloca.
A call to @code{realpath} where the @var{resolved} parameter is
@code{NULL} behaves exactly like @code{canonicalize_file_name}. The
@@ -1329,6 +1431,7 @@ then the file is deleted as well. If the file has other remaining names
@comment unistd.h
@comment POSIX.1
@deftypefun int unlink (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{unlink} function deletes the file name @var{filename}. If
this is a file's sole name, the file itself is also deleted. (Actually,
if any process has the file open when this happens, deletion is
@@ -1371,6 +1474,7 @@ file system and can't be modified.
@comment unistd.h
@comment POSIX.1
@deftypefun int rmdir (const char *@var{filename})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@cindex directories, deleting
@cindex deleting a directory
The @code{rmdir} function deletes a directory. The directory must be
@@ -1398,6 +1502,8 @@ The prototype for this function is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int remove (const char *@var{filename})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Calls unlink and rmdir.
This is the @w{ISO C} function to remove a file. It works like
@code{unlink} for files and like @code{rmdir} for directories.
@code{remove} is declared in @file{stdio.h}.
@@ -1413,6 +1519,10 @@ The @code{rename} function is used to change a file's name.
@comment stdio.h
@comment ISO
@deftypefun int rename (const char *@var{oldname}, const char *@var{newname})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a rename syscall, there's an emulation with link
+@c and unlink, but it's racy, even more so if newname exists and is
+@c unlinked first.
The @code{rename} function renames the file @var{oldname} to
@var{newname}. The file formerly accessible under the name
@var{oldname} is afterwards accessible as @var{newname} instead. (If
@@ -1508,6 +1618,7 @@ a shell command @code{mkdir} which does the same thing.)
@comment sys/stat.h
@comment POSIX.1
@deftypefun int mkdir (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mkdir} function creates a new, empty directory with name
@var{filename}.
@@ -1849,6 +1960,7 @@ header file @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int stat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{stat} function returns information about the attributes of the
file named by @w{@var{filename}} in the structure pointed to by @var{buf}.
@@ -1875,6 +1987,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int stat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{stat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1888,6 +2001,7 @@ replaces the interface for small files on 32-bit machines.
@comment sys/stat.h
@comment POSIX.1
@deftypefun int fstat (int @var{filedes}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fstat} function is like @code{stat}, except that it takes an
open file descriptor as an argument instead of a file name.
@xref{Low-Level I/O}.
@@ -1909,6 +2023,7 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int fstat64 (int @var{filedes}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{fstat} but is able to work on large
files on 32-bit platforms. For large files the file descriptor
@var{filedes} should be obtained by @code{open64} or @code{creat64}.
@@ -1920,9 +2035,16 @@ function is available under the name @code{fstat} and so transparently
replaces the interface for small files on 32-bit machines.
@end deftypefun
+@c fstatat will call alloca and snprintf if the syscall is not
+@c available.
+@c @safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+
@comment sys/stat.h
@comment BSD
@deftypefun int lstat (const char *@var{filename}, struct stat *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat, sometimes with an xstat conv call
+@c afterwards.
The @code{lstat} function is like @code{stat}, except that it does not
follow symbolic links. If @var{filename} is the name of a symbolic
link, @code{lstat} returns information about the link itself; otherwise
@@ -1936,6 +2058,9 @@ replaces the normal implementation.
@comment sys/stat.h
@comment Unix98
@deftypefun int lstat64 (const char *@var{filename}, struct stat64 *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct system call through lxstat64, sometimes with an xstat conv
+@c call afterwards.
This function is similar to @code{lstat} but it is also able to work on
files larger then @math{2^31} bytes on 32-bit systems. To be able to do
this the result is stored in a variable of type @code{struct stat64} to
@@ -1974,12 +2099,14 @@ that file:
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISDIR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a directory.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISCHR (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a character special file (a
device like a terminal).
@end deftypefn
@@ -1987,6 +2114,7 @@ device like a terminal).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISBLK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a block special file (a device
like a disk).
@end deftypefn
@@ -1994,12 +2122,14 @@ like a disk).
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISREG (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a regular file.
@end deftypefn
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_ISFIFO (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a FIFO special file, or a
pipe. @xref{Pipes and FIFOs}.
@end deftypefn
@@ -2007,6 +2137,7 @@ pipe. @xref{Pipes and FIFOs}.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISLNK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a symbolic link.
@xref{Symbolic Links}.
@end deftypefn
@@ -2014,6 +2145,7 @@ This macro returns non-zero if the file is a symbolic link.
@comment sys/stat.h
@comment GNU
@deftypefn Macro int S_ISSOCK (mode_t @var{m})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns non-zero if the file is a socket. @xref{Sockets}.
@end deftypefn
@@ -2096,6 +2228,7 @@ the whole @code{struct stat} structure.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISMQ (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX message queues as distinct objects and the
file is a message queue object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2104,6 +2237,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSEM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX semaphores as distinct objects and the
file is a semaphore object, this macro returns a non-zero value.
In all other cases the result is zero.
@@ -2112,6 +2246,7 @@ In all other cases the result is zero.
@comment sys/stat.h
@comment POSIX
@deftypefn Macro int S_TYPEISSHM (struct stat *@var{s})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
If the system implement POSIX shared memory objects as distinct objects
and the file is an shared memory object, this macro returns a non-zero
value. In all other cases the result is zero.
@@ -2156,6 +2291,7 @@ The prototype for this function is declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int chown (const char *@var{filename}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chown} function changes the owner of the file @var{filename} to
@var{owner}, and its group owner to @var{group}.
@@ -2190,6 +2326,7 @@ The file is on a read-only file system.
@comment unistd.h
@comment BSD
@deftypefun int fchown (int @var{filedes}, uid_t @var{owner}, gid_t @var{group})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chown}, except that it changes the owner of the open
file with descriptor @var{filedes}.
@@ -2469,6 +2606,7 @@ The functions in this section are declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment POSIX.1
@deftypefun mode_t umask (mode_t @var{mask})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{umask} function sets the file creation mask of the current
process to @var{mask}, and returns the previous value of the file
creation mask.
@@ -2494,6 +2632,7 @@ you just want to read the mask value, because it is reentrant.
@comment sys/stat.h
@comment GNU
@deftypefun mode_t getumask (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
Return the current value of the file creation mask for the current
process. This function is a GNU extension and is only available on
@gnuhurdsystems{}.
@@ -2502,6 +2641,7 @@ process. This function is a GNU extension and is only available on
@comment sys/stat.h
@comment POSIX.1
@deftypefun int chmod (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{chmod} function sets the access permission bits for the file
named by @var{filename} to @var{mode}.
@@ -2542,6 +2682,7 @@ for full details on the sticky bit.
@comment sys/stat.h
@comment BSD
@deftypefun int fchmod (int @var{filedes}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{chmod}, except that it changes the permissions of the
currently open file given by @var{filedes}.
@@ -2612,6 +2753,7 @@ The symbols in this section are declared in @file{unistd.h}.
@comment unistd.h
@comment POSIX.1
@deftypefun int access (const char *@var{filename}, int @var{how})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{access} function checks to see whether the file named by
@var{filename} can be accessed in the way specified by the @var{how}
argument. The @var{how} argument either can be the bitwise OR of the
@@ -2732,6 +2874,9 @@ This is the modification time for the file.
@comment utime.h
@comment POSIX.1
@deftypefun int utime (const char *@var{filename}, const struct utimbuf *@var{times})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utime syscall, it non-atomically converts times
+@c to a struct timeval and calls utimes.
This function is used to modify the file times associated with the file
named @var{filename}.
@@ -2783,6 +2928,10 @@ in the header file @file{sys/time.h}.
@comment sys/time.h
@comment BSD
@deftypefun int utimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c In the absence of a utimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, or to
+@c struct utimbuf and calls utime.
This function sets the file access and modification times of the file
@var{filename}. The new file access time is specified by
@code{@var{tvp}[0]}, and the new modification time by
@@ -2797,6 +2946,9 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int lutimes (const char *@var{filename}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no lutimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall.
This function is like @code{utimes}, except that it does not follow
symbolic links. If @var{filename} is the name of a symbolic link,
@code{lutimes} sets the file access and modification times of the
@@ -2813,6 +2965,10 @@ function.
@comment sys/time.h
@comment BSD
@deftypefun int futimes (int @var{fd}, const struct timeval @var{tvp}@t{[2]})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Since there's no futimes syscall, it non-atomically converts tvp
+@c to struct timespec array and issues a utimensat syscall, falling back
+@c to utimes on a /proc/self/fd symlink.
This function is like @code{utimes}, except that it takes an open file
descriptor as an argument instead of a file name. @xref{Low-Level
I/O}. This function comes from FreeBSD, and is not available on all
@@ -2867,6 +3023,8 @@ succeed, without actually accomplishing anything.
@comment unistd.h
@comment X/Open
@deftypefun int truncate (const char *@var{filename}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a truncate syscall, we use open and ftruncate.
The @code{truncate} function changes the size of @var{filename} to
@var{length}. If @var{length} is shorter than the previous length, data
@@ -2911,6 +3069,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int truncate64 (const char *@var{name}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try truncate if length fits.
This function is similar to the @code{truncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines, which allows the handling of files with sizes up to
@@ -2924,6 +3084,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX
@deftypefun int ftruncate (int @var{fd}, off_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This is like @code{truncate}, but it works on a file descriptor @var{fd}
for an opened file instead of a file name to identify the object. The
@@ -2988,6 +3149,8 @@ The operation was interrupted by a signal.
@comment unistd.h
@comment Unix98
@deftypefun int ftruncate64 (int @var{id}, off64_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c In the absence of a syscall, try ftruncate if length fits.
This function is similar to the @code{ftruncate} function. The
difference is that the @var{length} argument is 64 bits wide even on 32
bits machines which allows the handling of files with sizes up to
@@ -3050,6 +3213,10 @@ The prototype for @code{mknod} is declared in @file{sys/stat.h}.
@comment sys/stat.h
@comment BSD
@deftypefun int mknod (const char *@var{filename}, mode_t @var{mode}, dev_t @var{dev})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Instead of issuing the syscall directly, we go through xmknod.
+@c Although the internal xmknod takes a dev_t*, that could lead to
+@c xguargs races, it's passed a pointer to mknod's dev.
The @code{mknod} function makes a special file with name @var{filename}.
The @var{mode} specifies the mode of the file, and may include the various
special file bits, such as @code{S_IFCHR} (for a character special file)
@@ -3101,6 +3268,20 @@ These facilities are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} tmpfile (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c The unsafety issues are those of fdopen, plus fdleak because of the
+@c open.
+@c __path_search (internal buf, !dir, const pfx, !try_tmpdir) ok
+@c libc_secure_genenv only if try_tmpdir
+@c xstat64, strlen, strcmp, sprintf
+@c __gen_tempname (internal tmpl, __GT_FILE) ok
+@c strlen, memcmp, getpid, open/mkdir/lxstat64 ok
+@c HP_TIMING_NOW if available ok
+@c gettimeofday (!tz) first time, or every time if no HP_TIMING_NOW ok
+@c static value is used and modified without synchronization ok
+@c but the use is as a source of non-cryptographic randomness
+@c with retries in case of collision, so it should be safe
+@c unlink, fdopen
This function creates a temporary binary file for update mode, as if by
calling @code{fopen} with mode @code{"wb+"}. The file is deleted
automatically when it is closed or when the program terminates. (On
@@ -3117,6 +3298,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} tmpfile64 (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
This function is similar to @code{tmpfile}, but the stream it returns a
pointer to was opened using @code{tmpfile64}. Therefore this stream can
be used for files larger then @math{2^31} bytes on 32-bit machines.
@@ -3132,6 +3314,11 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun {char *} tmpnam (char *@var{result})
+@safety{@mtunsafe{xguargs, staticbuf}@asunsafe{staticbuf}@acsafe{}}
+@c The passed-in buffer should not be modified concurrently with the
+@c call.
+@c __path_search (static or passed-in buf, !dir, !pfx, !try_tmpdir) ok
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
This function constructs and returns a valid file name that does not
refer to any existing file. If the @var{result} argument is a null
pointer, the return value is a pointer to an internal static string,
@@ -3156,6 +3343,7 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdio.h
@comment GNU
@deftypefun {char *} tmpnam_r (char *@var{result})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
This function is nearly identical to the @code{tmpnam} function, except
that if @var{result} is a null pointer it returns a null pointer.
@@ -3192,6 +3380,13 @@ never less than @code{25}.
@comment stdio.h
@comment SVID
@deftypefun {char *} tempnam (const char *@var{dir}, const char *@var{prefix})
+@safety{@mtunsafe{xguargs, envromt}@assafe{asmalloc}@acsafe{memleak}}
+@c There's no way (short of being setuid) to avoid getenv("TMPDIR"),
+@c even with a non-NULL dir, which makes this thread-unsafe.
+@c
+@c __path_search (internal buf, dir, pfx, try_tmpdir) unsafe getenv
+@c __gen_tempname (internal tmpl, __GT_NOCREATE) ok
+@c strdup
This function generates a unique temporary file name. If @var{prefix}
is not a null pointer, up to five characters of this string are used as
a prefix for the file name. The return value is a string newly
@@ -3255,6 +3450,8 @@ string. These functions are declared in the header file @file{stdlib.h}.
@comment stdlib.h
@comment Unix
@deftypefun {char *} mktemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_NOCREATE) ok
The @code{mktemp} function generates a unique file name by modifying
@var{template} as described above. If successful, it returns
@var{template} as modified. If @code{mktemp} cannot find a unique file
@@ -3273,6 +3470,8 @@ opening the file you should use the @code{O_EXCL} flag. Using
@comment stdlib.h
@comment BSD
@deftypefun int mkstemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{fdleak}}
+@c __gen_tempname (caller tmpl, __GT_FILE) ok
The @code{mkstemp} function generates a unique file name just as
@code{mktemp} does, but it also opens the file for you with @code{open}
(@pxref{Opening and Closing Files}). If successful, it modifies
@@ -3295,6 +3494,8 @@ new file and get an error if the file already exists.
@comment stdlib.h
@comment BSD
@deftypefun {char *} mkdtemp (char *@var{template})
+@safety{@mtunsafe{xguargs}@assafe{}@acsafe{}}
+@c __gen_tempname (caller tmpl, __GT_DIR) ok
The @code{mkdtemp} function creates a directory with a unique name. If
it succeeds, it overwrites @var{template} with the name of the
directory, and returns @var{template}. As with @code{mktemp} and
@@ -3316,3 +3517,23 @@ creation always works like @code{open} with @code{O_EXCL}.
@xref{Creating Directories}.
The @code{mkdtemp} function comes from OpenBSD.
+
+@c FIXME these are undocumented:
+@c faccessat
+@c fchmodat
+@c fchownat
+@c futimesat
+@c fstatat
+@c linkat
+@c mkdirat
+@c mkfifoat
+@c name_to_handle_at
+@c openat
+@c open_by_handle_at
+@c readlinkat
+@c renameat
+@c scandirat
+@c symlinkat
+@c unlinkat
+@c utimensat
+@c mknodat
diff --git a/manual/getopt.texi b/manual/getopt.texi
index f0b7283..3c1f4de 100644
--- a/manual/getopt.texi
+++ b/manual/getopt.texi
@@ -60,6 +60,31 @@ option argument, for those options that accept arguments.
@comment unistd.h
@comment POSIX.2
@deftypefun int getopt (int @var{argc}, char *const *@var{argv}, const char *@var{options})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c It may swap argv elements but argv is not guarded, and the
+@c modifications may be partial in case of cancellation. Calling getenv
+@c also brings about thread-safety issues out of access and returning
+@c pointers into the globally shared environment array, just like
+@c calling gettext brings about a whole lot of AS and AC safety issues.
+@c The getopt API involves returning values in the non-thread-specific
+@c optarg variable, which adds another thread-safety issue. Given
+@c print_errors, it may output errors to stderr, which may
+@c self-deadlock, leak locks, or encounter (in a signal handler) or
+@c leave (in case of cancellation) stderr in an inconsistent state.
+@c Various implicit, indirect uses of malloc, in uses of memstream and
+@c asprintf for error-printing, bring about the usual malloc issues.
+@c (The explicit use of malloc in a conditional situation in
+@c _getopt_initialize is never exercised in glibc.)
+@c
+@c _getopt_internal
+@c _getopt_internal_r
+@c gettext
+@c _getopt_initialize
+@c getenv
+@c malloc if USE_NONOPTION_FLAGS, never defined in libc
+@c open_memstream
+@c lockfile, unlockfile, __fxprintf -> stderr
+@c asprintf
The @code{getopt} function gets the next option argument from the
argument list specified by the @var{argv} and @var{argc} arguments.
Normally these values come directly from the arguments received by
@@ -225,6 +250,8 @@ was seen.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
Decode options from the vector @var{argv} (whose length is @var{argc}).
The argument @var{shortopts} describes the short options to accept, just as
it does in @code{getopt}. The argument @var{longopts} describes the long
@@ -278,6 +305,8 @@ getopt functionality there is one more function available.
@comment getopt.h
@comment GNU
@deftypefun int getopt_long_only (int @var{argc}, char *const *@var{argv}, const char *@var{shortopts}, const struct option *@var{longopts}, int *@var{indexptr})
+@safety{@mtunsafe{xguargs, envromt, staticbuf}@asunsafe{asmalloc, asi18n, selfdeadlock, asynconsist}@acunsafe{memleak, lockleak, incansist}}
+@c Same issues as getopt.
The @code{getopt_long_only} function is equivalent to the
@code{getopt_long} function but it allows to specify the user of the
diff --git a/manual/intro.texi b/manual/intro.texi
index 2630a77..e47832c 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -262,6 +262,28 @@ if the effective thread-local locale is not the global locale object
@code{setlocale} should not be called while these functions are active.
+@item @code{envromt}
+@cindex envromt
+
+Functions marked with @code{envromt} access the environment with
+@code{getenv} or similar, requiring the environment to be effectively
+read-only for MT-Safe operation.
+
+Environment-modifying functions do not protect in any way against
+concurrent modifications or access, so calling @code{envromt}-marked
+functions concurrently with @code{setenv}, @code{putenv},
+@code{unsetenv} or direct modifications of the global environment data
+structures is ill-advised; external concurrency control must be
+introduced by callers of these environment-modifying and
+@code{envromt}-marked functions.
+
+Functions that modify the environment are also marked with
+@code{envromt}, but they are not MT-Safe for the reasons above. Since
+all environment-modifying functions are MT-Unsafe, functions that only
+access the environment are marked as MT-Safe when no other safety issue
+applies.
+
+
@item @code{uunguard}
@cindex uunguard
@@ -291,6 +313,42 @@ AS-Safe behavior, callers must ensure that the objects passed in are not
modified concurrently by other threads or signal handlers.
+@item @code{tempchwd}
+@cindex tempchwd
+
+Functions marked with @code{tempchwd} may temporarily change the current
+working directory during their execution, which may cause relative
+pathnames to be resolved in unexpected ways in other threads or within
+asynchronous signal or cancellation handlers.
+
+This is not enough of a reason to mark so-marked functions as MT-Unsafe,
+but when this behavior is optional (e.g., @code{nftw} with
+@code{FTW_CHDIR}), avoiding the option in multi-threaded programs may be
+a good alternative to using full pathnames or file descriptor-relative
+(e.g. @code{openat}) system calls.
+
+
+@item @code{tempterm}
+@cindex tempterm
+
+Functions marked with @code{tempterm} may temporarily change the
+terminal settings.
+
+This would not be enough of a reason to mark so-marked functions as
+MT-Unsafe, but the recommended mode to modify terminal settings is to
+call @code{tcgetattr}, modify some flags, and then call
+@code{tcsetattr}. Functions marked with @code{tempterm} do that, so
+they leave a window in which changes made by other threads are lost.
+
+It is thus advisable for applications using the terminal to avoid
+concurrent interactions with it, more so if they expect different
+terminal modes.
+
+If this mark appears as an AC-Safety note, it means the function may
+also fail to restore the original terminal mode in case of asynchronous
+cancellation.
+
+
@end itemize
@@ -305,11 +363,37 @@ as follows:
Functions annotated with @code{staticbuf} use internal static buffers or
variables in ways that may cause concurrent calls to interfere
-destructively.
+destructively.
These functions are all MT-Unsafe and AC-Unsafe. However, many of them
offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+In many of these cases, the static buffer is only used to hold a return
+value; in a few of these, such as @code{tmpnam}, the use of the internal
+buffer can be avoided by passing the buffer as an argument, which makes
+the call MT-Safe and AS-Safe.
+
+
+@item @code{asi18n}
+@cindex asi18n
+
+Functions marked with @code{asi18n} use internationalization functions
+(@code{gettext}), which brings in a number of dependencies and issues
+yet to be documented.
+
+
+@item @code{shlimb}
+@cindex shlimb
+
+Functions marked with @code{shlimb} use the dynamic loader to bring in
+additional code modules. This involves opening files, mapping them into
+memory, allocating additional memory, resolving symbols, applying
+relocations and more, all of this while holding the dynamic loader
+lock.
+
+The non-recursive lock itself is enough for the function to be AS- and
+AC-Unsafe, but many other issues may arise.
+
@item @code{fdleak}
@cindex fdleak
@@ -390,9 +474,8 @@ For the reasons above, functions that leak locks are all AC-Unsafe.
Functions marked with @code{selfdeadlock} take a non-recursive lock to
ensure MT-Safety while modifying data structures guarded by the lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the result is a deadlock.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, the result is a deadlock.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid a deadlock if any signal handler might need
@@ -406,10 +489,9 @@ Functions marked with @code{asynconsist} take a recursive lock to ensure
MT-Safety while accessing or modifying data structures guarded by the
lock.
-If such a function is interrupted by a signal while holding the lock,
-and the signal handler calls any function that takes the same
-non-recursive lock, the latter function may observe a partially updated,
-inconsistent data structure, and misbehave.
+If such a function is called by a signal handler that interrupted
+another such function that took the lock, both may misbehave for
+observing inconsistent (partially updated or cached) data structures.
Blocking asynchronous signal delivery while calling such functions is
the only safe way to avoid the misbehavior that may ensue if any signal
@@ -444,6 +526,21 @@ Disabling asynchronous cancelation while calling such functions is the
only safe way to avoid the misbehavior that may ensure if the thread is
canceled while the function is running.
+@c A special case, probably not worth documenting separately, involves
+@c reallocing, or even freeing pointers. Any case involving free could
+@c be easily turned into an ac-safe memleak by resetting the pointer
+@c before releasing it; I don't think we have any case that calls for
+@c this sort of fixing. Fixing the realloc cases would require a new
+@c interface: instead of @code{ptr=realloc(ptr,size)} we'd have to
+@c introduce @code{acsafe_realloc(&ptr,size)} that would modify ptr
+@c before releasing the old memory. The ac-unsafe realloc could be
+@c implemented in terms of an internal interface with this semantics
+@c (say __acsafe_realloc), but since realloc can be overridden, the
+@c function we call to implement realloc should not be this internal
+@c interface, but another internal interface that calls __acsafe_realloc
+@c if realloc was not overridden, and calls the overridden realloc with
+@c async cancel disabled. --lxoliva
+
@item @code{simfpu}
@cindex simfpu
diff --git a/manual/job.texi b/manual/job.texi
index 4efeed3..779ea96 100644
--- a/manual/job.texi
+++ b/manual/job.texi
@@ -1039,6 +1039,10 @@ The function @code{ctermid} is declared in the header file
@comment stdio.h
@comment POSIX.1
@deftypefun {char *} ctermid (char *@var{string})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This function is a stub by default; the actual implementation, for
+@c posix systems, returns an internal buffer if passed a NULL string,
+@c but the internal buffer is always set to /dev/tty.
The @code{ctermid} function returns a string containing the file name of
the controlling terminal for the current process. If @var{string} is
not a null pointer, it should be an array that can hold at least
@@ -1075,6 +1079,11 @@ Your program should include the header files @file{sys/types.h} and
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t setsid (void)
+@safety{@mtsafe{}@assafe{selfdeadlock (hurd)}@acsafe{lockleak (hurd)}}
+@c This is usually a direct syscall, but if a syscall is not available,
+@c we use a stub, or Hurd- and BSD-specific implementations. The former
+@c uses a mutex and a hurd critical section, and the latter issues a few
+@c syscalls, so both seem safe, except for the locking on Hurd.
The @code{setsid} function creates a new session. The calling process
becomes the session leader, and is put in a new process group whose
process group ID is the same as the process ID of that process. There
@@ -1098,7 +1107,8 @@ already another process group around that has the same process group ID.
@comment unistd.h
@comment SVID
@deftypefun pid_t getsid (pid_t @var{pid})
-
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{getsid} function returns the process group ID of the session
leader of the specified process. If a @var{pid} is @code{0}, the
process group ID of the session leader of the current process is
@@ -1134,6 +1144,8 @@ programs with the @code{-lbsd-compat} option to get the BSD definition.@refill
@comment unistd.h
@comment POSIX.1
@deftypefn {POSIX.1 Function} pid_t getpgrp (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The POSIX.1 definition of @code{getpgrp} returns the process group ID of
the calling process.
@end deftypefn
@@ -1141,6 +1153,8 @@ the calling process.
@comment unistd.h
@comment BSD
@deftypefn {BSD Function} pid_t getpgrp (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Wrapper for getpgid.
The BSD definition of @code{getpgrp} returns the process group ID of the
process @var{pid}. You can supply a value of @code{0} for the @var{pid}
argument to get information about the calling process.
@@ -1149,6 +1163,8 @@ argument to get information about the calling process.
@comment unistd.h
@comment SVID
@deftypefn {System V Function} int getpgid (pid_t @var{pid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
@code{getpgid} is the same as the BSD function @code{getpgrp}. It
returns the process group ID of the process @var{pid}. You can supply a
@@ -1171,6 +1187,8 @@ process.
@comment unistd.h
@comment POSIX.1
@deftypefun int setpgid (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub or direct syscall, except on hurd, where it is equally safe.
The @code{setpgid} function puts the process @var{pid} into the process
group @var{pgid}. As a special case, either @var{pid} or @var{pgid} can
be zero to indicate the process ID of the calling process.
@@ -1208,6 +1226,8 @@ process or a child of the calling process.
@comment unistd.h
@comment BSD
@deftypefun int setpgrp (pid_t @var{pid}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall or setpgid wrapper.
This is the BSD Unix name for @code{setpgid}. Both functions do exactly
the same thing.
@end deftypefun
@@ -1230,6 +1250,8 @@ file itself and not a particular open file descriptor.
@comment unistd.h
@comment POSIX.1
@deftypefun pid_t tcgetpgrp (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function returns the process group ID of the foreground process
group associated with the terminal open on descriptor @var{filedes}.
@@ -1258,6 +1280,8 @@ controlling terminal of the calling process.
@comment unistd.h
@comment POSIX.1
@deftypefun int tcsetpgrp (int @var{filedes}, pid_t @var{pgid})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Stub, or ioctl on BSD and GNU/Linux.
This function is used to set a terminal's foreground process group ID.
The argument @var{filedes} is a descriptor which specifies the terminal;
@var{pgid} specifies the process group. The calling process must be a
@@ -1297,6 +1321,8 @@ process.
@comment termios.h
@comment Unix98
@deftypefun pid_t tcgetsid (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Ioctl call, if avaialble, or tcgetpgrp followed by getsid.
This function is used to obtain the process group ID of the session
for which the terminal specified by @var{fildes} is the controlling terminal.
If the call is successful the group ID is returned. Otherwise the
diff --git a/manual/lang.texi b/manual/lang.texi
index ee04e23..d6cd90c 100644
--- a/manual/lang.texi
+++ b/manual/lang.texi
@@ -51,6 +51,8 @@ without indicating anything might be wrong.
@comment assert.h
@comment ISO
@deftypefn Macro void assert (int @var{expression})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Verify the programmer's belief that @var{expression} is nonzero at
this point in the program.
@@ -91,6 +93,8 @@ The @code{assert_perror} macro makes this easy.
@comment assert.h
@comment GNU
@deftypefn Macro void assert_perror (int @var{errnum})
+@safety{@mtsafe{}@asunsafe{asmalloc, asynconsist}@acsafe{memleak, lockleak, incansist}}
+@c assert_fail_base calls asprintf, and fflushes stderr.
Similar to @code{assert}, but verifies that @var{errnum} is zero.
If @code{NDEBUG} is not defined, @code{assert_perror} tests the value of
@@ -423,6 +427,8 @@ The type @code{va_list} is used for argument pointer variables.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_start (va_list @var{ap}, @var{last-required})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This macro initializes the argument pointer variable @var{ap} to point
to the first of the optional arguments of the current function;
@var{last-required} must be the last required argument to the function.
@@ -431,6 +437,8 @@ to the first of the optional arguments of the current function;
@comment stdarg.h
@comment ISO
@deftypefn {Macro} @var{type} va_arg (va_list @var{ap}, @var{type})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_arg} macro returns the value of the next optional argument,
and modifies the value of @var{ap} to point to the subsequent argument.
Thus, successive uses of @code{va_arg} return successive optional
@@ -445,6 +453,8 @@ of the actual argument.
@comment stdarg.h
@comment ISO
@deftypefn {Macro} void va_end (va_list @var{ap})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This ends the use of @var{ap}. After a @code{va_end} call, further
@code{va_arg} calls with the same @var{ap} may not work. You should invoke
@code{va_end} before returning from the function in which @code{va_start}
@@ -466,6 +476,8 @@ of the same type.
@comment ISO
@deftypefn {Macro} void va_copy (va_list @var{dest}, va_list @var{src})
@deftypefnx {Macro} void __va_copy (va_list @var{dest}, va_list @var{src})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
The @code{va_copy} macro allows copying of objects of type
@code{va_list} even if this is not an integral type. The argument pointer
in @var{dest} is initialized to point to the same argument as the
@@ -1212,6 +1224,8 @@ type of a particular structure member.
@comment stddef.h
@comment ISO
@deftypefn {Macro} size_t offsetof (@var{type}, @var{member})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is no longer provided by glibc, but rather by the compiler.
This expands to a integer constant expression that is the offset of the
structure member named @var{member} in the structure type @var{type}.
For example, @code{offsetof (struct s, elem)} is the offset, in bytes,
diff --git a/manual/libdl.texi b/manual/libdl.texi
new file mode 100644
index 0000000..e3fe045
--- /dev/null
+++ b/manual/libdl.texi
@@ -0,0 +1,10 @@
+@c FIXME these are undocumented:
+@c dladdr
+@c dladdr1
+@c dlclose
+@c dlerror
+@c dlinfo
+@c dlmopen
+@c dlopen
+@c dlsym
+@c dlvsym
diff --git a/manual/llio.texi b/manual/llio.texi
index b129cf4..66370c4 100644
--- a/manual/llio.texi
+++ b/manual/llio.texi
@@ -78,6 +78,7 @@ declared in @file{unistd.h}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int open (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The @code{open} function creates and returns a new file descriptor for
the file named by @var{filename}. Initially, the file position
indicator for the file is at the beginning of the file. The argument
@@ -164,6 +165,7 @@ and @code{freopen} functions, that create streams.
@comment fcntl.h
@comment Unix98
@deftypefun int open64 (const char *@var{filename}, int @var{flags}[, mode_t @var{mode}])
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{open}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
difference is that on 32 bit systems the file is opened in the
@@ -178,6 +180,7 @@ replaces the old API.
@comment fcntl.h
@comment POSIX.1
@deftypefn {Obsolete function} int creat (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is obsolete. The call:
@smallexample
@@ -202,6 +205,7 @@ since all of the lowlevel file handling functions are equally replaced.
@comment fcntl.h
@comment Unix98
@deftypefn {Obsolete function} int creat64 (const char *@var{filename}, mode_t @var{mode})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
This function is similar to @code{creat}. It returns a file descriptor
which can be used to access the file named by @var{filename}. The only
the difference is that on 32 bit systems the file is opened in the
@@ -219,6 +223,7 @@ replaces the old API.
@comment unistd.h
@comment POSIX.1
@deftypefun int close (int @var{filedes})
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
The function @code{close} closes the file descriptor @var{filedes}.
Closing a file has the following consequences:
@@ -300,6 +305,7 @@ but must be a signed type.
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t read (int @var{filedes}, void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{read} function reads up to @var{size} bytes from the file
with descriptor @var{filedes}, storing the results in the @var{buffer}.
(This is not necessarily a character string, and no terminating null
@@ -395,6 +401,10 @@ functions that read from streams, such as @code{fgetc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, read and lseek back, but is it
+@c used anywhere?
The @code{pread} function is similar to the @code{read} function. The
first three arguments are identical, and the return values and error
codes also correspond.
@@ -430,6 +440,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pread64 (int @var{filedes}, void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, read and lseek64 back, but is
+@c it used anywhere?
This function is similar to the @code{pread} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -447,6 +461,7 @@ When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} on a
@comment unistd.h
@comment POSIX.1
@deftypefun ssize_t write (int @var{filedes}, const void *@var{buffer}, size_t @var{size})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{write} function writes up to @var{size} bytes from
@var{buffer} to the file with descriptor @var{filedes}. The data in
@var{buffer} is not necessarily a character string and a null character is
@@ -557,6 +572,10 @@ functions that write to streams, such as @code{fputc}.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek, write and lseek back, but is it
+@c used anywhere?
The @code{pwrite} function is similar to the @code{write} function. The
first three arguments are identical, and the return values and error codes
also correspond.
@@ -592,6 +611,10 @@ version 2.
@comment unistd.h
@comment Unix98
@deftypefun ssize_t pwrite64 (int @var{filedes}, const void *@var{buffer}, size_t @var{size}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c This is usually a safe syscall. The sysdeps/posix fallback emulation
+@c is not MT-Safe because it uses lseek64, write and lseek64 back, but
+@c is it used anywhere?
This function is similar to the @code{pwrite} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -624,6 +647,7 @@ To read the current file position value from a descriptor, use
@comment unistd.h
@comment POSIX.1
@deftypefun off_t lseek (int @var{filedes}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lseek} function is used to change the file position of the
file with descriptor @var{filedes}.
@@ -713,6 +737,7 @@ descriptors.
@comment unistd.h
@comment Unix98
@deftypefun off64_t lseek64 (int @var{filedes}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to the @code{lseek} function. The difference
is that the @var{offset} parameter is of type @code{off64_t} instead of
@code{off_t} which makes it possible on 32 bit machines to address
@@ -825,6 +850,7 @@ declared in the header file @file{stdio.h}.
@comment stdio.h
@comment POSIX.1
@deftypefun {FILE *} fdopen (int @var{filedes}, const char *@var{opentype})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
The @code{fdopen} function returns a new stream for the file descriptor
@var{filedes}.
@@ -853,6 +879,7 @@ see @ref{Creating a Pipe}.
@comment stdio.h
@comment POSIX.1
@deftypefun int fileno (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the file descriptor associated with the stream
@var{stream}. If an error is detected (for example, if the @var{stream}
is not valid) or if @var{stream} does not do I/O to a file,
@@ -862,6 +889,7 @@ is not valid) or if @var{stream} does not do I/O to a file,
@comment stdio.h
@comment GNU
@deftypefun int fileno_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fileno_unlocked} function is equivalent to the @code{fileno}
function except that it does not implicitly lock the stream if the state
is @code{FSETLOCKING_INTERNAL}.
@@ -1071,7 +1099,11 @@ Contains the length of the buffer.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t readv (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
-
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer into which data is read, if the total read size is
+@c too large for alloca.
The @code{readv} function reads data from @var{filedes} and scatters it
into the buffers described in @var{vector}, which is taken to be
@var{count} structures long. As each buffer is filled, data is sent to the
@@ -1089,6 +1121,11 @@ errors are the same as in @code{read}.
@comment sys/uio.h
@comment BSD
@deftypefun ssize_t writev (int @var{filedes}, const struct iovec *@var{vector}, int @var{count})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@c The fallback sysdeps/posix implementation, used even on GNU/Linux
+@c with old kernels that lack a full readv/writev implementation, may
+@c malloc the buffer from which data is written, if the total write size
+@c is too large for alloca.
The @code{writev} function gathers data from the buffers described in
@var{vector}, which is taken to be @var{count} structures long, and writes
@@ -1149,6 +1186,7 @@ These functions are declared in @file{sys/mman.h}.
@comment sys/mman.h
@comment POSIX
@deftypefun {void *} mmap (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{mmap} function creates a new mapping, connected to bytes
(@var{offset}) to (@var{offset} + @var{length} - 1) in the file open on
@@ -1268,6 +1306,9 @@ The file is on a filesystem that doesn't support mapping.
@comment sys/mman.h
@comment LFS
@deftypefun {void *} mmap64 (void *@var{address}, size_t @var{length}, int @var{protect}, int @var{flags}, int @var{filedes}, off64_t @var{offset})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The page_shift auto detection when MMAP2_PAGE_SHIFT is -1 (it never
+@c is) would be thread-unsafe.
The @code{mmap64} function is equivalent to the @code{mmap} function but
the @var{offset} parameter is of type @code{off64_t}. On 32-bit systems
this allows the file associated with the @var{filedes} descriptor to be
@@ -1284,6 +1325,7 @@ replaces the old API.
@comment sys/mman.h
@comment POSIX
@deftypefun int munmap (void *@var{addr}, size_t @var{length})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{munmap} removes any memory maps from (@var{addr}) to (@var{addr} +
@var{length}). @var{length} should be the length of the mapping.
@@ -1310,6 +1352,7 @@ aligned.
@comment sys/mman.h
@comment POSIX
@deftypefun int msync (void *@var{address}, size_t @var{length}, int @var{flags})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When using shared mappings, the kernel can write the file at any time
before the mapping is removed. To be certain data has actually been
@@ -1357,6 +1400,7 @@ There is no existing mapping in at least part of the given region.
@comment sys/mman.h
@comment GNU
@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to change the size of an existing memory
area. @var{address} and @var{length} must cover a region entirely mapped
@@ -1405,6 +1449,7 @@ Coding Standards}.
@comment sys/mman.h
@comment POSIX
@deftypefun int madvise (void *@var{addr}, size_t @var{length}, int @var{advice})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to provide the system with @var{advice} about
the intended usage patterns of the memory region starting at @var{addr}
@@ -1531,6 +1576,7 @@ that descriptor into an @code{fd_set}.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_ZERO (fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro initializes the file descriptor set @var{set} to be the
empty set.
@end deftypefn
@@ -1538,6 +1584,9 @@ empty set.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_SET (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro adds @var{filedes} to the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1547,6 +1596,9 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro void FD_CLR (int @var{filedes}, fd_set *@var{set})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Setting a bit isn't necessarily atomic, so there's a potential race
+@c here if set is not used exclusively.
This macro removes @var{filedes} from the file descriptor set @var{set}.
The @var{filedes} parameter must not have side effects since it is
@@ -1556,6 +1608,7 @@ evaluated more than once.
@comment sys/types.h
@comment BSD
@deftypefn Macro int FD_ISSET (int @var{filedes}, const fd_set *@var{set})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro returns a nonzero value (true) if @var{filedes} is a member
of the file descriptor set @var{set}, and zero (false) otherwise.
@@ -1568,6 +1621,10 @@ Next, here is the description of the @code{select} function itself.
@comment sys/types.h
@comment BSD
@deftypefun int select (int @var{nfds}, fd_set *@var{read-fds}, fd_set *@var{write-fds}, fd_set *@var{except-fds}, struct timeval *@var{timeout})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c The select syscall is preferred, but pselect6 may be used instead,
+@c which requires converting timeout to a timespec and back. The
+@c conversions are not atomic.
The @code{select} function blocks the calling process until there is
activity on any of the specified sets of file descriptors, or until the
timeout period has expired.
@@ -1670,6 +1727,7 @@ they return.
@comment unistd.h
@comment X/Open
@deftypefun void sync (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
A call to this function will not return as long as there is data which
has not been written to the device. All dirty buffers in the kernel will
be written and so an overall consistent system can be achieved (if no
@@ -1685,6 +1743,7 @@ committed, rather than all data in the system. For this, @code{sync} is overkil
@comment unistd.h
@comment POSIX
@deftypefun int fsync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fsync} function can be used to make sure all data associated with
the open file @var{fildes} is written to the device associated with the
descriptor. The function call does not return unless all actions have
@@ -1722,6 +1781,7 @@ recovering of the file in case of a problem.
@comment unistd.h
@comment POSIX
@deftypefun int fdatasync (int @var{fildes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
When a call to the @code{fdatasync} function returns, it is ensured
that all of the file data is written to the device. For all pending I/O
operations, the parts guaranteeing data integrity finished.
@@ -1923,6 +1983,158 @@ aiocb64}, since the LFS transparently replaces the old interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_read (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Calls aio_enqueue_request.
+@c aio_enqueue_request selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_self ok
+@c pthread_getschedparam selfdeadlock, lockleak
+@c lll_lock (pthread descriptor's lock) selfdeadlock, lockleak
+@c sched_getparam ok
+@c sched_getscheduler ok
+@c lll_unlock lockleak
+@c pthread_mutex_lock (aio_requests_mutex) selfdeadlock, lockleak
+@c get_elem asmalloc, memleak, [asynconsist, incansist], [xguargs]
+@c realloc asmalloc, memleak
+@c calloc asmalloc, memleak
+@c aio_create_helper_thread selfdeadlock, asmalloc, lockleak, memleak
+@c pthread_attr_init ok
+@c pthread_attr_setdetachstate ok
+@c pthread_get_minstack ok
+@c pthread_attr_setstacksize ok
+@c sigfillset ok
+@c memset ok
+@c sigdelset ok [xguargs, but the caller's sigset is automatic]
+@c SYSCALL rt_sigprocmask ok
+@c pthread_create selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c alloca/malloc asmalloc, memleak
+@c lll_unlock lockleak
+@c allocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c getpagesize dup
+@c lll_lock (default_pthread_attr_lock) selfdeadlock, lockleak
+@c lll_unlock lockleak
+@c _dl_allocate_tls asmalloc, memleak
+@c _dl_allocate_tls_storage asmalloc, memleak
+@c memalign asmalloc, memleak
+@c memset ok
+@c allocate_dtv dup
+@c free asmalloc, memleak
+@c allocate_dtv asmalloc, memleak
+@c calloc asmalloc, memleak
+@c INSTALL_DTV ok
+@c list_add dup
+@c get_cached_stack
+@c lll_lock (stack_cache_lock) selfdeadlock, lockleak
+@c list_for_each ok
+@c list_entry dup
+@c FREE_P dup
+@c stack_list_del dup
+@c stack_list_add dup
+@c lll_unlock lockleak
+@c _dl_allocate_tls_init ok
+@c GET_DTV ok
+@c mmap ok
+@c atomic_increment_val ok
+@c munmap ok
+@c change_stack_perm ok
+@c mprotect ok
+@c mprotect ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c THREAD_COPY_STACK_GUARD ok
+@c THREAD_COPY_POINTER_GUARD ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_lock (state_cache_lock) selfdeadlock, lockleak
+@c stack_list_del ok
+@c atomic_write_barrier ok
+@c list_del ok [uunguard]
+@c atomic_write_barrier ok
+@c queue_stack asmalloc, memleak
+@c stack_list_add ok
+@c atomic_write_barrier ok
+@c list_add ok [uunguard]
+@c atomic_write_barrier ok
+@c free_stacks asmalloc, memleak
+@c list_for_each_prev_safe ok
+@c list_entry ok
+@c FREE_P ok
+@c stack_list_del dup
+@c _dl_deallocate_tls dup
+@c munmap ok
+@c _dl_deallocate_tls asmalloc, memleak
+@c free asmalloc, memleak
+@c lll_unlock lockleak
+@c create_thread selfdeadlock, asmalloc, lockleak, memleak
+@c td_eventword
+@c td_eventmask
+@c do_clone selfdeadlock, asmalloc, lockleak, memleak
+@c PREPARE_CREATE ok
+@c lll_lock (pd->lock) selfdeadlock, lockleak
+@c atomic_increment ok
+@c clone ok
+@c atomic_decrement ok
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c deallocate_stack dup
+@c sched_setaffinity ok
+@c tgkill ok
+@c sched_setscheduler ok
+@c atomic_compare_and_exchange_bool_acq ok
+@c nptl_create_event ok
+@c lll_unlock (pd->lock) lockleak
+@c free asmalloc, memleak
+@c pthread_attr_destroy ok (cpuset won't be set, so free isn't called)
+@c add_request_to_runlist ok [xguargs]
+@c pthread_cond_signal ok
+@c aio_free_request ok [xguargs]
+@c pthread_mutex_unlock lockleak
+
+@c (in the new thread, initiated with clone)
+@c start_thread ok
+@c HP_TIMING_NOW ok
+@c ctype_init [glocale] (in theory, but optimized into safety)
+@c atomic_exchange_acq ok
+@c lll_futex_wake ok
+@c sigemptyset ok
+@c sigaddset ok
+@c setjmp ok
+@c CANCEL_ASYNC -> pthread_enable_asynccancel ok
+@c do_cancel ok
+@c pthread_unwind ok
+@c Unwind_ForcedUnwind or longjmp ok [asmalloc, memleak?]
+@c lll_lock selfdeadlock, lockleak
+@c lll_unlock selfdeadlock, lockleak
+@c CANCEL_RESET -> pthread_disable_asynccancel ok
+@c lll_futex_wait ok
+@c ->start_routine ok -----
+@c call_tls_dtors selfdeadlock, asmalloc, lockleak, memleak
+@c user-supplied dtor
+@c rtld_lock_lock_recursive (dl_load_lock) selfdeadlock, lockleak
+@c rtld_lock_unlock_recursive lockleak
+@c free asmalloc, memleak
+@c nptl_deallocate_tsd asmalloc, memleak
+@c tsd user-supplied dtors ok
+@c free asmalloc, memleak
+@c libc_thread_freeres
+@c libc_thread_subfreeres ok
+@c atomic_decrement_and_test ok
+@c td_eventword ok
+@c td_eventmask ok
+@c atomic_compare_exchange_bool_acq ok
+@c nptl_death_event ok
+@c lll_robust_dead ok
+@c getpagesize ok
+@c madvise ok
+@c free_tcb selfdeadlock, asmalloc, lockleak, memleak
+@c free asmalloc, memleak
+@c deallocate_stack selfdeadlock, asmalloc, lockleak, memleak
+@c lll_futex_wait ok
+@c exit_thread_inline ok
+@c syscall(exit) ok
+
This function initiates an asynchronous read operation. It
immediately returns after the operation was enqueued or when an
error was encountered.
@@ -1988,6 +2200,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_read64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_read} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{aio_read64} uses
@@ -2006,6 +2219,7 @@ of functions with a very similar interface.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_write (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function initiates an asynchronous write operation. The function
call immediately returns after the operation was enqueued or if before
this happens an error was encountered.
@@ -2072,6 +2286,7 @@ replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_write64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{aio_write} function. The only
difference is that on @w{32 bit} machines the file descriptor should
be opened in the large file mode. Internally @code{aio_write64} uses
@@ -2093,6 +2308,12 @@ operations. It is therefore similar to a combination of @code{readv} and
@comment aio.h
@comment POSIX.1b
@deftypefun int lio_listio (int @var{mode}, struct aiocb *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Call lio_listio_internal, that takes the aio_requests_mutex lock and
+@c enqueues each request. Then, it waits for notification or prepares
+@c for it before releasing the lock. Even though it performs memory
+@c allocation and locking of its own, it doesn't add any classes of
+@c safety issues that aren't already covered by aio_enqueue_request.
The @code{lio_listio} function can be used to enqueue an arbitrary
number of read and write requests at one time. The requests can all be
meant for the same file, all for different files or every solution in
@@ -2176,6 +2397,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int lio_listio64 (int @var{mode}, struct aiocb64 *const @var{list}[], int @var{nent}, struct sigevent *@var{sig})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to the @code{lio_listio} function. The only
difference is that on @w{32 bit} machines, the file descriptor should
be opened in the large file mode. Internally, @code{lio_listio64} uses
@@ -2204,6 +2426,7 @@ The following two functions allow you to get this kind of information.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_error (const struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function determines the error state of the request described by the
@code{struct aiocb} variable pointed to by @var{aiocbp}. If the
request has not yet terminated the value returned is always
@@ -2225,6 +2448,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_error64 (const struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_error} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2238,6 +2462,7 @@ machines.
@comment aio.h
@comment POSIX.1b
@deftypefun ssize_t aio_return (struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function can be used to retrieve the return status of the operation
carried out by the request described in the variable pointed to by
@var{aiocbp}. As long as the error status of this request as returned
@@ -2261,6 +2486,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun ssize_t aio_return64 (struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is similar to @code{aio_return} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2289,6 +2515,9 @@ if the symbol @code{_POSIX_SYNCHRONIZED_IO} is defined in @file{unistd.h}.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_fsync (int @var{op}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check that the FD is open, it calls
+@c aio_enqueue_request.
Calling this function forces all I/O operations operating queued at the
time of the function call operating on the file descriptor
@code{aiocbp->aio_fildes} into the synchronized I/O completion state
@@ -2336,6 +2565,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_fsync64 (int @var{op}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_fsync} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2362,6 +2592,9 @@ before the current client is served. For situations like this
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_suspend (const struct aiocb *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c Take aio_requests_mutex, set up waitlist and requestlist, wait
+@c for completion or timeout, and release the mutex.
When calling this function, the calling thread is suspended until at
least one of the requests pointed to by the @var{nent} elements of the
array @var{list} has completed. If any of the requests has already
@@ -2400,6 +2633,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_suspend64 (const struct aiocb64 *const @var{list}[], int @var{nent}, const struct timespec *@var{timeout})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
This function is similar to @code{aio_suspend} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2427,6 +2661,16 @@ or not. Therefore using this function is merely a hint.
@comment aio.h
@comment POSIX.1b
@deftypefun int aio_cancel (int @var{fildes}, struct aiocb *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c After fcntl to check the fd is open, hold aio_requests_mutex, call
+@c aio_find_req_fd, aio_remove_request, then aio_notify and
+@c aio_free_request each request before releasing the lock.
+@c aio_notify calls aio_notify_only and free, besides cond signal or
+@c similar. aio_notify_only calls pthread_attr_init,
+@c pthread_attr_setdetachstate, malloc, pthread_create,
+@c notify_func_wrapper, aio_sigqueue, getpid, raise.
+@c notify_func_wraper calls aio_start_notify_thread, free and then the
+@c notifier function.
The @code{aio_cancel} function can be used to cancel one or more
outstanding requests. If the @var{aiocbp} parameter is @code{NULL}, the
function tries to cancel all of the outstanding requests which would process
@@ -2474,6 +2718,7 @@ transparently replaces the normal implementation.
@comment aio.h
@comment Unix98
@deftypefun int aio_cancel64 (int @var{fildes}, struct aiocb64 *@var{aiocbp})
+@safety{@mtsafe{}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
This function is similar to @code{aio_cancel} with the only difference
that the argument is a reference to a variable of type @code{struct
aiocb64}.
@@ -2529,6 +2774,8 @@ Unused.
@comment aio.h
@comment GNU
@deftypefun void aio_init (const struct aioinit *@var{init})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acunsafe{lockleak}}
+@c All changes to global objects are guarded by aio_requests_mutex.
This function must be called before any other AIO function. Calling it
is completely voluntary, as it is only meant to help the AIO
implementation perform better.
@@ -2563,6 +2810,7 @@ function; see @ref{Opening and Closing Files}.
@comment fcntl.h
@comment POSIX.1
@deftypefun int fcntl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcntl} function performs the operation specified by
@var{command} on the file descriptor @var{filedes}. Some commands
require additional arguments to be supplied. These additional arguments
@@ -2645,6 +2893,7 @@ while prototypes for @code{dup} and @code{dup2} are in the header file
@comment unistd.h
@comment POSIX.1
@deftypefun int dup (int @var{old})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies descriptor @var{old} to the first available
descriptor number (the first number not currently open). It is
equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@@ -2653,6 +2902,7 @@ equivalent to @code{fcntl (@var{old}, F_DUPFD, 0)}.
@comment unistd.h
@comment POSIX.1
@deftypefun int dup2 (int @var{old}, int @var{new})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function copies the descriptor @var{old} to descriptor number
@var{new}.
@@ -3631,6 +3881,7 @@ different headers.
@comment sys/ioctl.h
@comment BSD
@deftypefun int ioctl (int @var{filedes}, int @var{command}, @dots{})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ioctl} function performs the generic I/O operation
@var{command} on @var{filedes}.
@@ -3650,3 +3901,6 @@ unknown device.
Most IOCTLs are OS-specific and/or only used in special system utilities,
and are thus beyond the scope of this document. For an example of the use
of an IOCTL, see @ref{Out-of-Band Data}.
+
+@c FIXME this is undocumented:
+@c dup3
diff --git a/manual/locale.texi b/manual/locale.texi
index 323268d..da50d18 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,10 +224,16 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
-@safety{@mtunsafe{uunguard}}
-@c This function is MT-Safe, but uses of the global locale object are
-@c unguarded in functions that ought to be MT-Safe, so we're ruling out
-@c the use of this function once threads are started.
+@safety{@mtunsafe{uunguard, envromt}@asunsafe{selfdeadlock, asmalloc}@acunsafe{lockleak, memleak}}
+@c Uses of the global locale object are unguarded in functions that
+@c ought to be MT-Safe, so we're ruling out the use of this function
+@c once threads are started. It takes a write lock itself, but it may
+@c return a pointer loaded from the global locale object after releasing
+@c the lock, or before taking it. It calls getenv for LOCPATH, malloc
+@c and free, and _nl_find_locale, which amount to all documented safety
+@c issues. It also calls new_composite_name, setdata, and setname,
+@c without any additional issues. _nl_find_locale calls getenv, ...
+This function returns a pointer read
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
diff --git a/manual/resource.texi b/manual/resource.texi
index 1ec7af2..71b08f7 100644
--- a/manual/resource.texi
+++ b/manual/resource.texi
@@ -223,6 +223,8 @@ The symbols for use with @code{getrlimit}, @code{setrlimit},
@comment sys/resource.h
@comment BSD
@deftypefun int getrlimit (int @var{resource}, struct rlimit *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems.
Read the current and maximum limits for the resource @var{resource}
and store them in @code{*@var{rlp}}.
@@ -237,6 +239,8 @@ LFS interface transparently replaces the old interface.
@comment sys/resource.h
@comment Unix98
@deftypefun int getrlimit64 (int @var{resource}, struct rlimit64 *@var{rlp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Direct syscall on most systems, wrapper to the getrlimit otherwise.
This function is similar to @code{getrlimit} but its second parameter is
a pointer to a variable of type @code{struct rlimit64}, which allows it
to read values which wouldn't fit in the member of a @code{struct
@@ -1516,6 +1520,9 @@ There is a much older interface available, too.
@comment unistd.h
@comment BSD
@deftypefun int getpagesize (void)
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Obtained from the aux vec at program startup time. GNU/Linux/m68k is
+@c the exception, with the possibility of a syscall.
The @code{getpagesize} function returns the page size of the process.
This value is fixed for the runtime of the process but can vary in
different runs of the application.
@@ -1559,6 +1566,8 @@ get this information two functions. They are declared in the file
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_phys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This fopens a /proc file and scans it for the requested information.
The @code{get_phys_pages} function returns the total number of pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1569,6 +1578,7 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun {long int} get_avphys_pages (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
The @code{get_phys_pages} function returns the number of available pages of
physical the system has. To get the amount of memory this number has to
be multiplied by the page size.
@@ -1614,6 +1624,10 @@ in @file{sys/sysinfo.h}.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs_conf (void)
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, fdleak, memleak}}
+@c This function reads from from /sys using dir streams (single user, so
+@c no staticbuf MT-Safety issue), and on some arches, from /proc using
+@c streams.
The @code{get_nprocs_conf} function returns the number of processors the
operating system configured.
@@ -1623,6 +1637,8 @@ This function is a GNU extension.
@comment sys/sysinfo.h
@comment GNU
@deftypefun int get_nprocs (void)
+@safety{@mtsafe{}@assafe{}@acsafe{fdleak}}
+@c This function reads from /proc using file descriptor I/O.
The @code{get_nprocs} function returns the number of available processors.
This function is a GNU extension.
diff --git a/manual/search.texi b/manual/search.texi
index efd3604..6910edc 100644
--- a/manual/search.texi
+++ b/manual/search.texi
@@ -146,6 +146,7 @@ To sort an array using an arbitrary comparison function, use the
@comment stdlib.h
@comment ISO
@deftypefun void qsort (void *@var{array}, size_t @var{count}, size_t @var{size}, comparison_fn_t @var{compare})
+@safety{@mtsafe{xguargs}@assafe{asmalloc}@acsafe{memleak}}
The @var{qsort} function sorts the array @var{array}. The array contains
@var{count} elements, each of which is of size @var{size}.
@@ -436,6 +437,11 @@ in the header file @file{search.h}.
@comment search.h
@comment SVID
@deftypefun {void *} tsearch (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
+@c The tree is not modified in a thread-safe manner, and rotations may
+@c leave the tree in an inconsistent state that could be observed in an
+@c asynchronous signal handler or after asynchronous cancellation of the
+@c thread performing the rotation or the insertion.
The @code{tsearch} function searches in the tree pointed to by
@code{*@var{rootp}} for an element matching @var{key}. The function
pointed to by @var{compar} is used to determine whether two elements
@@ -465,6 +471,7 @@ of space @code{NULL} is returned.
@comment search.h
@comment SVID
@deftypefun {void *} tfind (const void *@var{key}, void *const *@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
The @code{tfind} function is similar to the @code{tsearch} function. It
locates an element matching the one pointed to by @var{key} and returns
a pointer to this element. But if no matching element is available no
@@ -479,6 +486,7 @@ elements.
@comment search.h
@comment SVID
@deftypefun {void *} tdelete (const void *@var{key}, void **@var{rootp}, comparison_fn_t @var{compar})
+@safety{@mtunsafe{xguargs}@asunsafe{asynconsist, asmalloc}@acunsafe{incansist, memleak}}
To remove a specific element matching @var{key} from the tree
@code{tdelete} can be used. It locates the matching element using the
same method as @code{tfind}. The corresponding element is then removed
@@ -492,6 +500,7 @@ is deleted @code{tdelete} returns some unspecified value not equal to
@comment search.h
@comment GNU
@deftypefun void tdestroy (void *@var{vroot}, __free_fn_t @var{freefct})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
If the complete search tree has to be removed one can use
@code{tdestroy}. It frees all resources allocated by the @code{tsearch}
function to generate the tree pointed to by @var{vroot}.
@@ -546,6 +555,7 @@ The current node is a leaf.
@comment search.h
@comment SVID
@deftypefun void twalk (const void *@var{root}, __action_fn_t @var{action})
+@safety{@mtsafe{xguards}@assafe{}@acsafe{}}
For each node in the tree with a node pointed to by @var{root}, the
@code{twalk} function calls the function provided by the parameter
@var{action}. For leaf nodes the function is called exactly once with
diff --git a/manual/startup.texi b/manual/startup.texi
index a277714..7bbaf13 100644
--- a/manual/startup.texi
+++ b/manual/startup.texi
@@ -358,8 +358,8 @@ value is nonzero and @code{errno} is set to indicate the error.
The difference to the @code{setenv} function is that the exact string
given as the parameter @var{string} is put into the environment. If the
user should change the string after the @code{putenv} call this will
-reflect in automatically in the environment. This also requires that
-@var{string} is no automatic variable which scope is left before the
+reflect automatically in the environment. This also requires that
+@var{string} not be an automatic variable whose scope is left before the
variable is removed from the environment. The same applies of course to
dynamically allocated variables which are freed later.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 7809dd4..79a3340 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,7 +148,7 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -267,7 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -414,7 +414,7 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
@c After fclose, it is undefined behavior to use the stream it points
@c to. Therefore, one must only call fclose when the stream is
@c otherwise unused. Concurrent uses started before will complete
@@ -2662,6 +2662,42 @@ pointer @var{ap}.
@c case of cancellation. This doesn't make it unsafe, but cancelling it
@c may leak memory. The unguarded use of __printf_function_table is
@c also of concern for all callers.
+@c _itoa ok
+@c _udiv_qrnnd_preinv ok
+@c group_number ok
+@c _i18n_number_rewrite
+@c __wctrans ok
+@c __towctrans glocale
+@c __wcrtomb ok? dup below
+@c outdigit_value ok
+@c outdigitwc_value ok
+@c outchar ok
+@c outstring ok
+@c PAD ok
+@c __printf_fp glocale memleak
+@c __printf_fphex glocale
+@c __readonly_area
+@c [GNU/Linux] fopen, strtoul, free
+@c __strerror_r ok if no translation, check otherwise
+@c __btowc ? gconv-modules
+@c __wcrtomb ok (not using internal state) gconv-modules
+@c ARGCHECK
+@c UNBUFFERED_P (tested before taking the stream lock)
+@c buffered_vfprintf ok
+@c __find_spec(wc|mb)
+@c read_int
+@c __libc_use_alloca
+@c process_arg
+@c process_string_arg
+@c extend_alloca
+@c __parse_one_spec(wc|mb)
+@c *__printf_arginfo_table unguarded
+@c __printf_va_arg_table-> unguarded
+@c *__printf_function_table unguarded
+@c done_add
+@c printf_unknown
+@c outchar
+@c _itoa_word
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -5020,7 +5056,7 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
@c bringing with it additional potential for async trouble with
@c list_all_lock.
@@ -5076,7 +5112,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
-@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -5192,7 +5228,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
-@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
diff --git a/manual/string.texi b/manual/string.texi
index 246be84..a75d298 100644
--- a/manual/string.texi
+++ b/manual/string.texi
@@ -1247,6 +1247,8 @@ strncmp ("hello, world", "hello, stupid world!!!", 5)
@comment string.h
@comment GNU
@deftypefun int strverscmp (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale}@acunsafe{glocale}}
+@c Calls isdigit multiple times, locale may change in between.
The @code{strverscmp} function compares the string @var{s1} against
@var{s2}, considering them as holding indices/version numbers. The
return value follows the same conventions as found in the
@@ -1343,6 +1345,8 @@ transformed strings with @code{strcmp} or @code{wcscmp}.
@comment string.h
@comment ISO
@deftypefun int strcoll (const char *@var{s1}, const char *@var{s2})
+@safety{@mtsafe{}@asunsafe{glocale-revisit}@acunsafe{glocale-revisit}}
+@c Adjust alphasort one safety info is determined.
The @code{strcoll} function is similar to @code{strcmp} but uses the
collating sequence of the current locale for collation (the
@code{LC_COLLATE} locale).
diff --git a/manual/terminal.texi b/manual/terminal.texi
index 9e9c057..7f62a4e 100644
--- a/manual/terminal.texi
+++ b/manual/terminal.texi
@@ -264,6 +264,9 @@ array.
@comment termios.h
@comment POSIX.1
@deftypefun int tcgetattr (int @var{filedes}, struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the kernel-returned termios data structure to the userland
+@c format does not ensure atomic or consistent writing.
This function is used to examine the attributes of the terminal
device with file descriptor @var{filedes}. The attributes are returned
in the structure that @var{termios-p} points to.
@@ -284,6 +287,9 @@ The @var{filedes} is not associated with a terminal.
@comment termios.h
@comment POSIX.1
@deftypefun int tcsetattr (int @var{filedes}, int @var{when}, const struct termios *@var{termios-p})
+@safety{@mtsafe{xguargs}@assafe{}@acsafe{}}
+@c Converting the incoming termios data structure to the kernel format
+@c does not ensure atomic or consistent reading.
This function sets the attributes of the terminal device with file
descriptor @var{filedes}. The new attributes are taken from the
structure that @var{termios-p} points to.
diff --git a/manual/threads.texi b/manual/threads.texi
index a23ac26..19bfad6 100644
--- a/manual/threads.texi
+++ b/manual/threads.texi
@@ -31,6 +31,7 @@ before thread-specific data, so they should not be used in thread-specific
data destructors or even as members of the thread-specific data, since the
latter is passed as an argument to the destructor function.
+@c FIXME: use @deftypefun for these.
@item int pthread_key_delete (pthread_key_t @var{key})
Destroy the thread-specific data @var{key} in the calling thread. The
destructor for the thread-specific data is not called during destruction, nor
@@ -82,3 +83,124 @@ attributes or the stack address is set in the attribute.
The system does not have sufficient memory.
@end table
@end deftypefun
+
+@c FIXME these are undocumented:
+@c pthread_atfork
+@c pthread_attr_destroy
+@c pthread_attr_getaffinity_np
+@c pthread_attr_getdetachstate
+@c pthread_attr_getguardsize
+@c pthread_attr_getinheritsched
+@c pthread_attr_getschedparam
+@c pthread_attr_getschedpolicy
+@c pthread_attr_getscope
+@c pthread_attr_getstack
+@c pthread_attr_getstackaddr
+@c pthread_attr_getstacksize
+@c pthread_attr_init
+@c pthread_attr_setaffinity_np
+@c pthread_attr_setdetachstate
+@c pthread_attr_setguardsize
+@c pthread_attr_setinheritsched
+@c pthread_attr_setschedparam
+@c pthread_attr_setschedpolicy
+@c pthread_attr_setscope
+@c pthread_attr_setstack
+@c pthread_attr_setstackaddr
+@c pthread_attr_setstacksize
+@c pthread_barrierattr_destroy
+@c pthread_barrierattr_getpshared
+@c pthread_barrierattr_init
+@c pthread_barrierattr_setpshared
+@c pthread_barrier_destroy
+@c pthread_barrier_init
+@c pthread_barrier_wait
+@c pthread_cancel
+@c pthread_cleanup_push
+@c pthread_cleanup_pop
+@c pthread_condattr_destroy
+@c pthread_condattr_getclock
+@c pthread_condattr_getpshared
+@c pthread_condattr_init
+@c pthread_condattr_setclock
+@c pthread_condattr_setpshared
+@c pthread_cond_broadcast
+@c pthread_cond_destroy
+@c pthread_cond_init
+@c pthread_cond_signal
+@c pthread_cond_timedwait
+@c pthread_cond_wait
+@c pthread_create
+@c pthread_detach
+@c pthread_equal
+@c pthread_exit
+@c pthread_getaffinity_np
+@c pthread_getattr_np
+@c pthread_getconcurrency
+@c pthread_getcpuclockid
+@c pthread_getname_np
+@c pthread_getschedparam
+@c pthread_join
+@c pthread_kill
+@c pthread_kill_other_threads_np
+@c pthread_mutexattr_destroy
+@c pthread_mutexattr_getkind_np
+@c pthread_mutexattr_getprioceiling
+@c pthread_mutexattr_getprotocol
+@c pthread_mutexattr_getpshared
+@c pthread_mutexattr_getrobust
+@c pthread_mutexattr_getrobust_np
+@c pthread_mutexattr_gettype
+@c pthread_mutexattr_init
+@c pthread_mutexattr_setkind_np
+@c pthread_mutexattr_setprioceiling
+@c pthread_mutexattr_setprotocol
+@c pthread_mutexattr_setpshared
+@c pthread_mutexattr_setrobust
+@c pthread_mutexattr_setrobust_np
+@c pthread_mutexattr_settype
+@c pthread_mutex_consistent
+@c pthread_mutex_consistent_np
+@c pthread_mutex_destroy
+@c pthread_mutex_getprioceiling
+@c pthread_mutex_init
+@c pthread_mutex_lock
+@c pthread_mutex_setprioceiling
+@c pthread_mutex_timedlock
+@c pthread_mutex_trylock
+@c pthread_mutex_unlock
+@c pthread_once
+@c pthread_rwlockattr_destroy
+@c pthread_rwlockattr_getkind_np
+@c pthread_rwlockattr_getpshared
+@c pthread_rwlockattr_init
+@c pthread_rwlockattr_setkind_np
+@c pthread_rwlockattr_setpshared
+@c pthread_rwlock_destroy
+@c pthread_rwlock_init
+@c pthread_rwlock_rdlock
+@c pthread_rwlock_timedrdlock
+@c pthread_rwlock_timedwrlock
+@c pthread_rwlock_tryrdlock
+@c pthread_rwlock_trywrlock
+@c pthread_rwlock_unlock
+@c pthread_rwlock_wrlock
+@c pthread_self
+@c pthread_setaffinity_np
+@c pthread_setcancelstate
+@c pthread_setcanceltype
+@c pthread_setconcurrency
+@c pthread_setname_np
+@c pthread_setschedparam
+@c pthread_setschedprio
+@c pthread_sigmask
+@c pthread_sigqueue
+@c pthread_spin_destroy
+@c pthread_spin_init
+@c pthread_spin_lock
+@c pthread_spin_trylock
+@c pthread_spin_unlock
+@c pthread_testcancel
+@c pthread_timedjoin_np
+@c pthread_tryjoin_np
+@c pthread_yield
diff --git a/manual/time.texi b/manual/time.texi
index ff31e28..3967b24 100644
--- a/manual/time.texi
+++ b/manual/time.texi
@@ -475,6 +475,12 @@ Instead, use the facilities described in @ref{Time Zone Functions}.
@comment sys/time.h
@comment BSD
@deftypefun int gettimeofday (struct timeval *@var{tp}, struct timezone *@var{tzp})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c On most GNU/Linux systems this is a direct syscall, but the posix/
+@c implementation (not used on GNU/Linux or GNU/Hurd) relies on time and
+@c localtime_r, saving and restoring tzname in an unsafe manner.
+@c On some GNU/Linux variants, ifunc resolvers are used in shared libc
+@c for vdso resolution. ifunc-vdso-revisit.
The @code{gettimeofday} function returns the current calendar time as
the elapsed time since the epoch in the @code{struct timeval} structure
indicated by @var{tp}. (@pxref{Elapsed Time} for a description of
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b86a9adf8ea6fc915d528f3fa61ded06f3c91c61
commit b86a9adf8ea6fc915d528f3fa61ded06f3c91c61
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:43 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/ctype.texi: Document thread safety properties.
diff --git a/manual/ctype.texi b/manual/ctype.texi
index 3d13571..f05d509 100644
--- a/manual/ctype.texi
+++ b/manual/ctype.texi
@@ -691,6 +691,7 @@ This type is defined in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wctrans_t wctrans (const char *@var{property})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wctrans} function has to be used to find out whether a named
mapping is defined in the current locale selected for the
@code{LC_CTYPE} category. If the returned value is non-zero, you can use
@@ -713,6 +714,7 @@ These functions are declared in @file{wctype.h}.
@comment wctype.h
@comment ISO
@deftypefun wint_t towctrans (wint_t @var{wc}, wctrans_t @var{desc})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{towctrans} maps the input character @var{wc}
according to the rules of the mapping for which @var{desc} is a
descriptor, and returns the value it finds. @var{desc} must be
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=00af0ed393c8103a619299dc34fcda36561f3cd7
commit 00af0ed393c8103a619299dc34fcda36561f3cd7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:41 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/math.texi: Document thread safety properties.
diff --git a/manual/math.texi b/manual/math.texi
index 193d415..fd5d0c8 100644
--- a/manual/math.texi
+++ b/manual/math.texi
@@ -560,6 +560,7 @@ negative), @code{logb} returns @math{@infinity{}}. If @var{x} is zero,
@comment math.h
@comment ISO
@deftypefunx int ilogbl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are equivalent to the corresponding @code{logb}
functions except that they return signed integer values.
@end deftypefun
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2138bb13b72835109d53a470595be6f31f485113
commit 2138bb13b72835109d53a470595be6f31f485113
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/locale.texi: Document thread safety properties.
diff --git a/manual/locale.texi b/manual/locale.texi
index 2f10fcd..323268d 100644
--- a/manual/locale.texi
+++ b/manual/locale.texi
@@ -224,6 +224,10 @@ The symbols in this section are defined in the header file @file{locale.h}.
@comment locale.h
@comment ISO
@deftypefun {char *} setlocale (int @var{category}, const char *@var{locale})
+@safety{@mtunsafe{uunguard}}
+@c This function is MT-Safe, but uses of the global locale object are
+@c unguarded in functions that ought to be MT-Safe, so we're ruling out
+@c the use of this function once threads are started.
The function @code{setlocale} sets the current locale for category
@var{category} to @var{locale}. A list of all the locales the system
provides can be created by running
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=29204588dcc2ae4b2c07025a50f8018c87cdc409
commit 29204588dcc2ae4b2c07025a50f8018c87cdc409
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:40 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/stdio.texi: Document thread safety properties.
diff --git a/manual/stdio.texi b/manual/stdio.texi
index 3f9be9b..7809dd4 100644
--- a/manual/stdio.texi
+++ b/manual/stdio.texi
@@ -148,6 +148,8 @@ Everything described in this section is declared in the header file
@comment stdio.h
@comment ISO
@deftypefun {FILE *} fopen (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, fdleak, lockleak}}
+@c fopen may leak the list lock if cancelled within _IO_link_in.
The @code{fopen} function opens a stream for I/O to the file
@var{filename}, and returns a pointer to the stream.
@@ -265,6 +267,7 @@ Locks}.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} fopen64 (const char *@var{filename}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, fdleak, lockleak}}
This function is similar to @code{fopen} but the stream it returns a
pointer for is opened using @code{open64}. Therefore this stream can be
used even on files larger then @math{2^31} bytes on 32 bit machines.
@@ -294,6 +297,16 @@ resource limit; @pxref{Limits on Resources}.
@comment stdio.h
@comment ISO
@deftypefun {FILE *} freopen (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
+@c Like most I/O operations, this one is guarded by a recursive lock,
+@c released even upon cancellation, but cancellation may leak file
+@c descriptors and leave the stream in an inconsistent state (e.g.,
+@c still bound to the closed descriptor). Also, if the stream is
+@c part-way through a significant update (say running freopen) when a
+@c signal handler calls freopen again on the same stream, the result is
+@c likely to be an inconsistent stream, and the possibility of closing
+@c twice file descriptor number that the stream used to use, the second
+@c time when it might have already been reused by another thread.
This function is like a combination of @code{fclose} and @code{fopen}.
It first closes the stream referred to by @var{stream}, ignoring any
errors that are detected in the process. (Because errors are ignored,
@@ -320,6 +333,7 @@ interface replaces transparently the old interface.
@comment stdio.h
@comment Unix98
@deftypefun {FILE *} freopen64 (const char *@var{filename}, const char *@var{opentype}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, fdleak}}
This function is similar to @code{freopen}. The only difference is that
on 32 bit machine the stream returned is able to read beyond the
@math{2^31} bytes limits imposed by the normal interface. It should be
@@ -341,6 +355,7 @@ descriptor and these functions are also available in @theglibc{}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freadable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freadable} function determines whether the stream
@var{stream} was opened to allow reading. In this case the return value
is nonzero. For write-only streams the function returns zero.
@@ -351,6 +366,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwritable (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwritable} function determines whether the stream
@var{stream} was opened to allow writing. In this case the return value
is nonzero. For read-only streams the function returns zero.
@@ -364,6 +380,7 @@ They provide even finer-grained information.
@comment stdio_ext.h
@comment GNU
@deftypefun int __freading (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__freading} function determines whether the stream
@var{stream} was last read from or whether it is opened read-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -377,6 +394,7 @@ This function is declared in @file{stdio_ext.h}.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fwriting (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__fwriting} function determines whether the stream
@var{stream} was last written to or whether it is opened write-only. In
this case the return value is nonzero, otherwise it is zero.
@@ -396,6 +414,21 @@ cannot perform any additional operations on it.
@comment stdio.h
@comment ISO
@deftypefun int fclose (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak, fdleak}}
+@c After fclose, it is undefined behavior to use the stream it points
+@c to. Therefore, one must only call fclose when the stream is
+@c otherwise unused. Concurrent uses started before will complete
+@c successfully because of the lock, which makes it MT-Safe. Calling it
+@c from a signal handler is perfectly safe if the stream is known to be
+@c no longer used, which is a precondition for fclose to be safe in the
+@c first place; since this is no further requirement, fclose is safe for
+@c use in async signals too. After calling fclose, you can no longer
+@c use the stream, not even to fclose it again, so its memory and file
+@c descriptor may leak if fclose is canceled before @c releasing them.
+@c That the stream must be unused and it becomes unused after the call
+@c is what would enable fclose to be AS- and AC-Safe while freopen
+@c isn't. However, because of the possibility of leaving __gconv_lock
+@c taken upon cancellation, AC-Safety is lost.
This function causes @var{stream} to be closed and the connection to
the corresponding file to be broken. Any buffered output is written
and any buffered input is discarded. The @code{fclose} function returns
@@ -418,6 +451,12 @@ another function.
@comment stdio.h
@comment GNU
@deftypefun int fcloseall (void)
+@safety{@mtunsafe{nolock}@asunsafe{nolock}@acsafe{}}
+@c Like fclose, using any previously-opened streams after fcloseall is
+@c undefined. However, the implementation of fcloseall isn't equivalent
+@c to calling fclose for all streams: it just flushes and unbuffers all
+@c streams, without any locking. It's the flushing without locking that
+@c makes it unsafe.
This function causes all open streams of the process to be closed and
the connection to corresponding files to be broken. All buffered data
is written and any buffered input is discarded. The @code{fcloseall}
@@ -474,6 +513,9 @@ perform the stream locking in the application code.
@comment stdio.h
@comment POSIX
@deftypefun void flockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
+@c There's no way to tell whether the lock was acquired before or after
+@c cancellation so as to unlock only when appropriate.
The @code{flockfile} function acquires the internal locking object
associated with the stream @var{stream}. This ensures that no other
thread can explicitly through @code{flockfile}/@code{ftrylockfile} or
@@ -485,6 +527,7 @@ thread will block until the lock is acquired. An explicit call to
@comment stdio.h
@comment POSIX
@deftypefun int ftrylockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ftrylockfile} function tries to acquire the internal locking
object associated with the stream @var{stream} just like
@code{flockfile}. But unlike @code{flockfile} this function does not
@@ -496,6 +539,7 @@ another thread.
@comment stdio.h
@comment POSIX
@deftypefun void funlockfile (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{funlockfile} function releases the internal locking object of
the stream @var{stream}. The stream must have been locked before by a
call to @code{flockfile} or a successful call of @code{ftrylockfile}.
@@ -621,6 +665,15 @@ was introduced in Solaris and is available in @theglibc{} as well.
@comment stdio_ext.h
@comment GNU
@deftypefun int __fsetlocking (FILE *@var{stream}, int @var{type})
+@safety{@mtunsafe{xguargs, uunguard, lockleak}@asunsafe{lockleak}@acsafe{}}
+@c Changing the implicit-locking status of a stream while it's in use by
+@c another thread may cause a lock to be implicitly acquired and not
+@c released, or vice-versa. This function should probably hold the lock
+@c while changing this setting, to make sure we don't change it while
+@c there are any concurrent uses. Meanwhile, callers should acquire the
+@c lock themselves to be safe, and even concurrent uses with external
+@c locking will be fine, as long as functions that require external
+@c locking are not called without holding locks.
The @code{__fsetlocking} function can be used to select whether the
stream operations will implicitly acquire the locking object of the
@@ -635,6 +688,9 @@ locking. Every stream operation with exception of the @code{_unlocked}
variants will implicitly lock the stream.
@item FSETLOCKING_BYCALLER
+@c ??? Does the possibility of disabling implicit locking on any stream
+@c make any of the non-_unlocked functions as MT-unsafe as the _unlocked
+@c ones?
After the @code{__fsetlocking} function returns the user is responsible
for locking the stream. None of the stream operations will implicitly
do this anymore until the state is set back to
@@ -725,6 +781,10 @@ will simply be strange or the application will simply crash. The
@comment wchar.h
@comment ISO
@deftypefun int fwide (FILE *@var{stream}, int @var{mode})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak}}
+@c Querying is always safe, but changing the stream when it's in use
+@c upthread may be problematic. Like most lock-acquiring functions,
+@c this one may leak the lock if canceled.
The @code{fwide} function can be used to set and query the state of the
orientation of the stream @var{stream}. If the @var{mode} parameter has
@@ -811,6 +871,16 @@ These narrow streams functions are declared in the header file
@comment stdio.h
@comment ISO
@deftypefun int fputc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
+@c If the stream is in use when interrupted by a signal, the recursive
+@c lock won't help ensure the stream is consistent; indeed, if fputc
+@c gets a signal precisely before the post-incremented _IO_write_ptr
+@c value is stored, we may overwrite the interrupted write. Conversely,
+@c depending on compiler optimizations, the incremented _IO_write_ptr
+@c may be stored before the character is stored in the buffer,
+@c corrupting the stream if async cancel hits between the two stores.
+@c There may be other reasons for AS- and AC-unsafety in the overflow
+@c cases.
The @code{fputc} function converts the character @var{c} to type
@code{unsigned char}, and writes it to the stream @var{stream}.
@code{EOF} is returned if a write error occurs; otherwise the
@@ -820,6 +890,7 @@ character @var{c} is returned.
@comment wchar.h
@comment ISO
@deftypefun wint_t fputwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{fputwc} function writes the wide character @var{wc} to the
stream @var{stream}. @code{WEOF} is returned if a write error occurs;
otherwise the character @var{wc} is returned.
@@ -828,6 +899,10 @@ otherwise the character @var{wc} is returned.
@comment stdio.h
@comment POSIX
@deftypefun int fputc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
+@c The unlocked functions can't possibly satisfy the MT-Safety
+@c requirements on their own, because they require external locking for
+@c safety.
The @code{fputc_unlocked} function is equivalent to the @code{fputc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -835,6 +910,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment POSIX
@deftypefun wint_t fputwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputwc_unlocked} function is equivalent to the @code{fputwc}
function except that it does not implicitly lock the stream.
@@ -844,6 +920,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputc}, except that most systems implement it as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -854,6 +931,7 @@ use for writing a single character.
@comment wchar.h
@comment ISO
@deftypefun wint_t putwc (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
This is just like @code{fputwc}, except that it can be implement as
a macro, making it faster. One consequence is that it may evaluate the
@var{stream} argument more than once, which is an exception to the
@@ -864,6 +942,7 @@ use for writing a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int putc_unlocked (int @var{c}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putc_unlocked} function is equivalent to the @code{putc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -871,6 +950,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwc_unlocked (wchar_t @var{wc}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwc_unlocked} function is equivalent to the @code{putwc}
function except that it does not implicitly lock the stream.
@@ -880,6 +960,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int putchar (int @var{c})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putchar} function is equivalent to @code{putc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -887,6 +968,7 @@ The @code{putchar} function is equivalent to @code{putc} with
@comment wchar.h
@comment ISO
@deftypefun wint_t putwchar (wchar_t @var{wc})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The @code{putwchar} function is equivalent to @code{putwc} with
@code{stdout} as the value of the @var{stream} argument.
@end deftypefun
@@ -894,6 +976,7 @@ The @code{putwchar} function is equivalent to @code{putwc} with
@comment stdio.h
@comment POSIX
@deftypefun int putchar_unlocked (int @var{c})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putchar_unlocked} function is equivalent to the @code{putchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -901,6 +984,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t putwchar_unlocked (wchar_t @var{wc})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{putwchar_unlocked} function is equivalent to the @code{putwchar}
function except that it does not implicitly lock the stream.
@@ -910,6 +994,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int fputs (const char *@var{s}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputs} writes the string @var{s} to the stream
@var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either.
@@ -933,6 +1018,7 @@ outputs the text @samp{Are you hungry?} followed by a newline.
@comment wchar.h
@comment ISO
@deftypefun int fputws (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{incansist, lockleak}}
The function @code{fputws} writes the wide character string @var{ws} to
the stream @var{stream}. The terminating null character is not written.
This function does @emph{not} add a newline character, either. It
@@ -945,6 +1031,7 @@ a non-negative value.
@comment stdio.h
@comment GNU
@deftypefun int fputs_unlocked (const char *@var{s}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputs_unlocked} function is equivalent to the @code{fputs}
function except that it does not implicitly lock the stream.
@@ -954,6 +1041,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun int fputws_unlocked (const wchar_t *@var{ws}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fputws_unlocked} function is equivalent to the @code{fputws}
function except that it does not implicitly lock the stream.
@@ -963,6 +1051,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int puts (const char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{puts} function writes the string @var{s} to the stream
@code{stdout} followed by a newline. The terminating null character of
the string is not written. (Note that @code{fputs} does @emph{not}
@@ -982,6 +1071,7 @@ outputs the text @samp{This is a message.} followed by a newline.
@comment stdio.h
@comment SVID
@deftypefun int putw (int @var{w}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes the word @var{w} (that is, an @code{int}) to
@var{stream}. It is provided for compatibility with SVID, but we
recommend you use @code{fwrite} instead (@pxref{Block Input/Output}).
@@ -1014,6 +1104,11 @@ it will fit in a @samp{char} variable without loss of information.
@comment stdio.h
@comment ISO
@deftypefun int fgetc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
+@c Same caveats as fputc, but instead of losing a write in case of async
+@c signals, we may read the same character more than once, and the
+@c stream may be left in odd states due to cancellation in the underflow
+@c cases.
This function reads the next character as an @code{unsigned char} from
the stream @var{stream} and returns its value, converted to an
@code{int}. If an end-of-file condition or read error occurs,
@@ -1023,6 +1118,7 @@ the stream @var{stream} and returns its value, converted to an
@comment wchar.h
@comment ISO
@deftypefun wint_t fgetwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads the next wide character from the stream @var{stream}
and returns its value. If an end-of-file condition or read error
occurs, @code{WEOF} is returned instead.
@@ -1031,6 +1127,7 @@ occurs, @code{WEOF} is returned instead.
@comment stdio.h
@comment POSIX
@deftypefun int fgetc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetc_unlocked} function is equivalent to the @code{fgetc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1038,6 +1135,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t fgetwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetwc_unlocked} function is equivalent to the @code{fgetwc}
function except that it does not implicitly lock the stream.
@@ -1047,6 +1145,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetc}, except that it is permissible (and
typical) for it to be implemented as a macro that evaluates the
@var{stream} argument more than once. @code{getc} is often highly
@@ -1057,6 +1156,7 @@ character.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwc (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This is just like @code{fgetwc}, except that it is permissible for it to
be implemented as a macro that evaluates the @var{stream} argument more
than once. @code{getwc} can be highly optimized, so it is usually the
@@ -1066,6 +1166,7 @@ best function to use to read a single wide character.
@comment stdio.h
@comment POSIX
@deftypefun int getc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getc_unlocked} function is equivalent to the @code{getc}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1073,6 +1174,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwc_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwc_unlocked} function is equivalent to the @code{getwc}
function except that it does not implicitly lock the stream.
@@ -1082,6 +1184,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun int getchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getchar} function is equivalent to @code{getc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1089,6 +1192,7 @@ as the value of the @var{stream} argument.
@comment wchar.h
@comment ISO
@deftypefun wint_t getwchar (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{getwchar} function is equivalent to @code{getwc} with @code{stdin}
as the value of the @var{stream} argument.
@end deftypefun
@@ -1096,6 +1200,7 @@ as the value of the @var{stream} argument.
@comment stdio.h
@comment POSIX
@deftypefun int getchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getchar_unlocked} function is equivalent to the @code{getchar}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -1103,6 +1208,7 @@ function except that it does not implicitly lock the stream.
@comment wchar.h
@comment GNU
@deftypefun wint_t getwchar_unlocked (void)
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{getwchar_unlocked} function is equivalent to the @code{getwchar}
function except that it does not implicitly lock the stream.
@@ -1145,6 +1251,7 @@ y_or_n_p (const char *question)
@comment stdio.h
@comment SVID
@deftypefun int getw (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads a word (that is, an @code{int}) from @var{stream}.
It's provided for compatibility with SVID. We recommend you use
@code{fread} instead (@pxref{Block Input/Output}). Unlike @code{getc},
@@ -1173,6 +1280,7 @@ All these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun ssize_t getline (char **@var{lineptr}, size_t *@var{n}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads an entire line from @var{stream}, storing the text
(including the newline and a terminating null character) in a buffer
and storing the buffer address in @code{*@var{lineptr}}.
@@ -1208,6 +1316,7 @@ If an error occurs or end of file is reached without any bytes read,
@comment stdio.h
@comment GNU
@deftypefun ssize_t getdelim (char **@var{lineptr}, size_t *@var{n}, int @var{delimiter}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is like @code{getline} except that the character which
tells it to stop reading is not necessarily newline. The argument
@var{delimiter} specifies the delimiter character; @code{getdelim} keeps
@@ -1232,6 +1341,7 @@ getline (char **lineptr, size_t *n, FILE *stream)
@comment stdio.h
@comment ISO
@deftypefun {char *} fgets (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgets} function reads characters from the stream @var{stream}
up to and including a newline character and stores them in the string
@var{s}, adding a null character to mark the end of the string. You
@@ -1255,6 +1365,7 @@ error message. We recommend using @code{getline} instead of @code{fgets}.
@comment wchar.h
@comment ISO
@deftypefun {wchar_t *} fgetws (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fgetws} function reads wide characters from the stream
@var{stream} up to and including a newline character and stores them in
the string @var{ws}, adding a null wide character to mark the end of the
@@ -1280,6 +1391,7 @@ message.
@comment stdio.h
@comment GNU
@deftypefun {char *} fgets_unlocked (char *@var{s}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgets_unlocked} function is equivalent to the @code{fgets}
function except that it does not implicitly lock the stream.
@@ -1289,6 +1401,7 @@ This function is a GNU extension.
@comment wchar.h
@comment GNU
@deftypefun {wchar_t *} fgetws_unlocked (wchar_t *@var{ws}, int @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fgetws_unlocked} function is equivalent to the @code{fgetws}
function except that it does not implicitly lock the stream.
@@ -1298,6 +1411,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefn {Deprecated function} {char *} gets (char *@var{s})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The function @code{gets} reads characters from the stream @code{stdin}
up to the next newline character, and stores them in the string @var{s}.
The newline character is discarded (note that this differs from the
@@ -1388,6 +1502,7 @@ reverses the action of @code{getc}.
@comment stdio.h
@comment ISO
@deftypefun int ungetc (int @var{c}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetc} function pushes back the character @var{c} onto the
input stream @var{stream}. So the next input from @var{stream} will
read @var{c} before anything else.
@@ -1425,6 +1540,7 @@ will encounter end of file.
@comment wchar.h
@comment ISO
@deftypefun wint_t ungetwc (wint_t @var{wc}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ungetwc} function behaves just like @code{ungetc} just that it
pushes back a wide character.
@end deftypefun
@@ -1483,6 +1599,7 @@ These functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun size_t fread (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function reads up to @var{count} objects of size @var{size} into
the array @var{data}, from the stream @var{stream}. It returns the
number of objects actually read, which might be less than @var{count} if
@@ -1498,6 +1615,7 @@ object. Therefore, the stream remains at the actual end of the file.
@comment stdio.h
@comment GNU
@deftypefun size_t fread_unlocked (void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fread_unlocked} function is equivalent to the @code{fread}
function except that it does not implicitly lock the stream.
@@ -1507,6 +1625,7 @@ This function is a GNU extension.
@comment stdio.h
@comment ISO
@deftypefun size_t fwrite (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function writes up to @var{count} objects of size @var{size} from
the array @var{data}, to the stream @var{stream}. The return value is
normally @var{count}, if the call succeeds. Any other value indicates
@@ -1516,6 +1635,7 @@ some sort of error, such as running out of space.
@comment stdio.h
@comment GNU
@deftypefun size_t fwrite_unlocked (const void *@var{data}, size_t @var{size}, size_t @var{count}, FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fwrite_unlocked} function is equivalent to the @code{fwrite}
function except that it does not implicitly lock the stream.
@@ -2257,6 +2377,7 @@ just include @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int printf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{printf} function prints the optional arguments under the
control of the template string @var{template} to the stream
@code{stdout}. It returns the number of characters printed, or a
@@ -2266,6 +2387,7 @@ negative value if there was an output error.
@comment wchar.h
@comment ISO
@deftypefun int wprintf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wprintf} function prints the optional arguments under the
control of the wide template string @var{template} to the stream
@code{stdout}. It returns the number of wide characters printed, or a
@@ -2275,6 +2397,7 @@ negative value if there was an output error.
@comment stdio.h
@comment ISO
@deftypefun int fprintf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{printf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2282,6 +2405,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment wchar.h
@comment ISO
@deftypefun int fwprintf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wprintf}, except that the output is
written to the stream @var{stream} instead of @code{stdout}.
@end deftypefun
@@ -2289,6 +2413,7 @@ written to the stream @var{stream} instead of @code{stdout}.
@comment stdio.h
@comment ISO
@deftypefun int sprintf (char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{printf}, except that the output is stored in the character
array @var{s} instead of written to a stream. A null character is written
to mark the end of the string.
@@ -2313,6 +2438,7 @@ described below.
@comment wchar.h
@comment GNU
@deftypefun int swprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wprintf}, except that the output is stored in the
wide character array @var{ws} instead of written to a stream. A null
wide character is written to mark the end of the string. The @var{size}
@@ -2337,6 +2463,7 @@ again and decided to not define an function exactly corresponding to
@comment stdio.h
@comment GNU
@deftypefun int snprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{snprintf} function is similar to @code{sprintf}, except that
the @var{size} argument specifies the maximum number of characters to
produce. The trailing null character is counted towards this limit, so
@@ -2407,6 +2534,7 @@ in dynamically allocated memory.
@comment stdio.h
@comment GNU
@deftypefun int asprintf (char **@var{ptr}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This function is similar to @code{sprintf}, except that it dynamically
allocates a string (as with @code{malloc}; @pxref{Unconstrained
Allocation}) to hold the output, instead of putting the output in a
@@ -2439,6 +2567,7 @@ make_message (char *name, char *value)
@comment stdio.h
@comment GNU
@deftypefun int obstack_printf (struct obstack *@var{obstack}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
This function is similar to @code{asprintf}, except that it uses the
obstack @var{obstack} to allocate the space. @xref{Obstacks}.
@@ -2509,6 +2638,7 @@ Prototypes for these functions are declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int vprintf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{printf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2517,6 +2647,7 @@ pointer @var{ap}.
@comment wchar.h
@comment ISO
@deftypefun int vwprintf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wprintf} except that, instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap}.
@@ -2525,6 +2656,12 @@ pointer @var{ap}.
@comment stdio.h
@comment ISO
@deftypefun int vfprintf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
+@c Although vfprintf sets up a cleanup region to release the lock on the
+@c output stream, it doesn't use it to release args_value or string in
+@c case of cancellation. This doesn't make it unsafe, but cancelling it
+@c may leak memory. The unguarded use of __printf_function_table is
+@c also of concern for all callers.
This is the equivalent of @code{fprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2532,6 +2669,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwprintf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2539,6 +2677,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment ISO
@deftypefun int vsprintf (char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2546,6 +2685,7 @@ specified directly as for @code{vprintf}.
@comment wchar.h
@comment GNU
@deftypefun int vswprintf (wchar_t *@var{s}, size_t @var{size}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swprintf} with the variable argument list
specified directly as for @code{vwprintf}.
@end deftypefun
@@ -2553,6 +2693,7 @@ specified directly as for @code{vwprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vsnprintf (char *@var{s}, size_t @var{size}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{snprintf} with the variable argument list
specified directly as for @code{vprintf}.
@end deftypefun
@@ -2560,6 +2701,7 @@ specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int vasprintf (char **@var{ptr}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
The @code{vasprintf} function is the equivalent of @code{asprintf} with the
variable argument list specified directly as for @code{vprintf}.
@end deftypefun
@@ -2567,6 +2709,10 @@ variable argument list specified directly as for @code{vprintf}.
@comment stdio.h
@comment GNU
@deftypefun int obstack_vprintf (struct obstack *@var{obstack}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{xguargs, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acsafe{incansist, memleak}}
+@c The obstack is not guarded by mutexes, it might be at an inconsistent
+@c state within a signal handler, and it could be left at an
+@c inconsistent state in case of cancellation.
The @code{obstack_vprintf} function is the equivalent of
@code{obstack_printf} with the variable argument list specified directly
as for @code{vprintf}.@refill
@@ -2639,6 +2785,7 @@ file @file{printf.h}.
@comment printf.h
@comment GNU
@deftypefun size_t parse_printf_format (const char *@var{template}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{glocale-revisit}@acsafe{}}
This function returns information about the number and types of
arguments expected by the @code{printf} template string @var{template}.
The information is stored in the array @var{argtypes}; each element of
@@ -2879,6 +3026,12 @@ The function to register a new output conversion is
@comment printf.h
@comment GNU
@deftypefun int register_printf_function (int @var{spec}, printf_function @var{handler-function}, printf_arginfo_function @var{arginfo-function})
+@safety{@mtunsafe{uunguard}@asunsafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
+@c This function is guarded by the global non-recursive libc lock, but
+@c users of the variables it sets aren't, and those should be MT-Safe,
+@c so we're ruling out the use of this extension with threads. Calling
+@c it from a signal handler may self-deadlock, and cancellation may
+@c leave the lock held, besides leaking allocated memory.
This function defines the conversion specifier character @var{spec}.
Thus, if @var{spec} is @code{'Y'}, it defines the conversion @samp{%Y}.
You can redefine the built-in conversions like @samp{%s}, but flag
@@ -3125,6 +3278,12 @@ which implement a special way to print floating-point numbers.
@comment printf.h
@comment GNU
@deftypefun int printf_size (FILE *@var{fp}, const struct printf_info *@var{info}, const void *const *@var{args})
+@safety{@mtunsafe{nolock, glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, incansist}}
+@c This is meant to be called by vfprintf, that should hold the lock on
+@c the stream, but if this function is called directly, output will be
+@c racy, besides the uses of the global locale object while other
+@c threads may be changing it and the possbility of leaving the stream
+@c object in an inconsistent state in case of cancellation.
Print a given floating point number as for the format @code{%f} except
that there is a postfix character indicating the divisor for the
number to make this less than 1000. There are two possible divisors:
@@ -3183,6 +3342,7 @@ provide the function which returns information about the arguments.
@comment printf.h
@comment GNU
@deftypefun int printf_size_info (const struct printf_info *@var{info}, size_t @var{n}, int *@var{argtypes})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function will return in @var{argtypes} the information about the
used parameters in the way the @code{vfprintf} implementation expects
it. The format always takes one argument.
@@ -3799,6 +3959,7 @@ Prototypes for these functions are in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int scanf (const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{scanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3813,6 +3974,7 @@ template, then @code{EOF} is returned.
@comment wchar.h
@comment ISO
@deftypefun int wscanf (const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
The @code{wscanf} function reads formatted input from the stream
@code{stdin} under the control of the template string @var{template}.
The optional arguments are pointers to the places which receive the
@@ -3827,6 +3989,7 @@ template, then @code{WEOF} is returned.
@comment stdio.h
@comment ISO
@deftypefun int fscanf (FILE *@var{stream}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{scanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3834,6 +3997,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment wchar.h
@comment ISO
@deftypefun int fwscanf (FILE *@var{stream}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is just like @code{wscanf}, except that the input is read
from the stream @var{stream} instead of @code{stdin}.
@end deftypefun
@@ -3841,6 +4005,7 @@ from the stream @var{stream} instead of @code{stdin}.
@comment stdio.h
@comment ISO
@deftypefun int sscanf (const char *@var{s}, const char *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{scanf}, except that the characters are taken from the
null-terminated string @var{s} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3854,6 +4019,7 @@ as an argument to receive a string read under control of the @samp{%s},
@comment wchar.h
@comment ISO
@deftypefun int swscanf (const wchar_t *@var{ws}, const wchar_t *@var{template}, @dots{})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is like @code{wscanf}, except that the characters are taken from the
null-terminated string @var{ws} instead of from a stream. Reaching the
end of the string is treated as an end-of-file condition.
@@ -3880,6 +4046,7 @@ introduced in @w{ISO C99} and were before available as GNU extensions.
@comment stdio.h
@comment ISO
@deftypefun int vscanf (const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{scanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3888,6 +4055,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment wchar.h
@comment ISO
@deftypefun int vwscanf (const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This function is similar to @code{wscanf}, but instead of taking
a variable number of arguments directly, it takes an argument list
pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@@ -3896,6 +4064,7 @@ pointer @var{ap} of type @code{va_list} (@pxref{Variadic Functions}).
@comment stdio.h
@comment ISO
@deftypefun int vfscanf (FILE *@var{stream}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3903,6 +4072,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vfwscanf (FILE *@var{stream}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asynconsist, asmalloc, glocale-revisit}@acunsafe{memleak, lockleak, incansist}}
This is the equivalent of @code{fwscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3910,6 +4080,7 @@ specified directly as for @code{vwscanf}.
@comment stdio.h
@comment ISO
@deftypefun int vsscanf (const char *@var{s}, const char *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{sscanf} with the variable argument list
specified directly as for @code{vscanf}.
@end deftypefun
@@ -3917,6 +4088,7 @@ specified directly as for @code{vscanf}.
@comment wchar.h
@comment ISO
@deftypefun int vswscanf (const wchar_t *@var{s}, const wchar_t *@var{template}, va_list @var{ap})
+@safety{@mtunsafe{glocale-revisit}@asunsafe{asmalloc, glocale-revisit}@acsafe{memleak}}
This is the equivalent of @code{swscanf} with the variable argument list
specified directly as for @code{vwscanf}.
@end deftypefun
@@ -3966,6 +4138,7 @@ This symbol is declared in @file{wchar.h}.
@comment stdio.h
@comment ISO
@deftypefun int feof (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{feof} function returns nonzero if and only if the end-of-file
indicator for the stream @var{stream} is set.
@@ -3975,6 +4148,9 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int feof_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c There isn't much of a thread unsafety risk in reading a flag word and
+@c testing a bit in it.
The @code{feof_unlocked} function is equivalent to the @code{feof}
function except that it does not implicitly lock the stream.
@@ -3986,6 +4162,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int ferror (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
The @code{ferror} function returns nonzero if and only if the error
indicator for the stream @var{stream} is set, indicating that an error
has occurred on a previous operation on the stream.
@@ -3996,6 +4173,7 @@ This symbol is declared in @file{stdio.h}.
@comment stdio.h
@comment GNU
@deftypefun int ferror_unlocked (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ferror_unlocked} function is equivalent to the @code{ferror}
function except that it does not implicitly lock the stream.
@@ -4023,6 +4201,7 @@ function.
@comment stdio.h
@comment ISO
@deftypefun void clearerr (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acunsafe{lockleak}}
This function clears the end-of-file and error indicators for the
stream @var{stream}.
@@ -4033,6 +4212,7 @@ end-of-file indicator for the stream.
@comment stdio.h
@comment GNU
@deftypefun void clearerr_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@assafe{}@acunsafe{lockleak}}
The @code{clearerr_unlocked} function is equivalent to the @code{clearerr}
function except that it does not implicitly lock the stream.
@@ -4146,6 +4326,7 @@ are declared in the header file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun {long int} ftell (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function returns the current file position of the stream
@var{stream}.
@@ -4158,6 +4339,7 @@ possibly for other reasons as well. If a failure occurs, a value of
@comment stdio.h
@comment Unix98
@deftypefun off_t ftello (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{ftello} function is similar to @code{ftell}, except that it
returns a value of type @code{off_t}. Systems which support this type
use it to describe all file positions, unlike the POSIX specification
@@ -4181,6 +4363,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun off64_t ftello64 (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{ftello} with the only difference that
the return value is of type @code{off64_t}. This also requires that the
stream @var{stream} was opened using either @code{fopen64},
@@ -4196,6 +4379,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fseek (FILE *@var{stream}, long int @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{fseek} function is used to change the file position of the
stream @var{stream}. The value of @var{whence} must be one of the
constants @code{SEEK_SET}, @code{SEEK_CUR}, or @code{SEEK_END}, to
@@ -4215,6 +4399,7 @@ place in the file.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko (FILE *@var{stream}, off_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseek} but it corrects a problem with
@code{fseek} in a system with POSIX types. Using a value of type
@code{long int} for the offset is not compatible with POSIX.
@@ -4238,6 +4423,7 @@ LFS interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fseeko64 (FILE *@var{stream}, off64_t @var{offset}, int @var{whence})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fseeko} with the only difference that
the @var{offset} parameter is of type @code{off64_t}. This also
requires that the stream @var{stream} was opened using either
@@ -4286,6 +4472,7 @@ the offset provided is relative to the end of the file.
@comment stdio.h
@comment ISO
@deftypefun void rewind (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{rewind} function positions the stream @var{stream} at the
beginning of the file. It is equivalent to calling @code{fseek} or
@code{fseeko} on the @var{stream} with an @var{offset} argument of
@@ -4407,6 +4594,7 @@ representation.
@comment stdio.h
@comment ISO
@deftypefun int fgetpos (FILE *@var{stream}, fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function stores the value of the file position indicator for the
stream @var{stream} in the @code{fpos_t} object pointed to by
@var{position}. If successful, @code{fgetpos} returns zero; otherwise
@@ -4421,6 +4609,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fgetpos64 (FILE *@var{stream}, fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fgetpos} but the file position is
returned in a variable of type @code{fpos64_t} to which @var{position}
points.
@@ -4433,6 +4622,7 @@ and so transparently replaces the old interface.
@comment stdio.h
@comment ISO
@deftypefun int fsetpos (FILE *@var{stream}, const fpos_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function sets the file position indicator for the stream @var{stream}
to the position @var{position}, which must have been set by a previous
call to @code{fgetpos} on the same stream. If successful, @code{fsetpos}
@@ -4449,6 +4639,7 @@ interface transparently replaces the old interface.
@comment stdio.h
@comment Unix98
@deftypefun int fsetpos64 (FILE *@var{stream}, const fpos64_t *@var{position})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is similar to @code{fsetpos} but the file position used
for positioning is provided in a variable of type @code{fpos64_t} to
which @var{position} points.
@@ -4560,6 +4751,7 @@ If you want to flush the buffered output at another time, call
@comment stdio.h
@comment ISO
@deftypefun int fflush (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function causes any buffered output on @var{stream} to be delivered
to the file. If @var{stream} is a null pointer, then
@code{fflush} causes buffered output on @emph{all} open output streams
@@ -4572,6 +4764,7 @@ otherwise.
@comment stdio.h
@comment POSIX
@deftypefun int fflush_unlocked (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{fflush_unlocked} function is equivalent to the @code{fflush}
function except that it does not implicitly lock the stream.
@end deftypefun
@@ -4588,6 +4781,7 @@ exported.
@comment stdio_ext.h
@comment GNU
@deftypefun void _flushlbf (void)
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
The @code{_flushlbf} function flushes all line buffered streams
currently opened.
@@ -4609,6 +4803,7 @@ situation a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun void __fpurge (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acunsafe{incansist}}
The @code{__fpurge} function causes the buffer of the stream
@var{stream} to be emptied. If the stream is currently in read mode all
input in the buffer is lost. If the stream is in output mode the
@@ -4633,6 +4828,7 @@ file @file{stdio.h}.
@comment stdio.h
@comment ISO
@deftypefun int setvbuf (FILE *@var{stream}, char *@var{buf}, int @var{mode}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function is used to specify that the stream @var{stream} should
have the buffering mode @var{mode}, which can be either @code{_IOFBF}
(for full buffering), @code{_IOLBF} (for line buffering), or
@@ -4710,6 +4906,7 @@ efficient size.
@comment stdio.h
@comment ISO
@deftypefun void setbuf (FILE *@var{stream}, char *@var{buf})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, the effect of this function is
equivalent to calling @code{setvbuf} with a @var{mode} argument of
@code{_IONBF}. Otherwise, it is equivalent to calling @code{setvbuf}
@@ -4723,6 +4920,7 @@ use @code{setvbuf} in all new programs.
@comment stdio.h
@comment BSD
@deftypefun void setbuffer (FILE *@var{stream}, char *@var{buf}, size_t @var{size})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
If @var{buf} is a null pointer, this function makes @var{stream} unbuffered.
Otherwise, it makes @var{stream} fully buffered using @var{buf} as the
buffer. The @var{size} argument specifies the length of @var{buf}.
@@ -4734,6 +4932,7 @@ This function is provided for compatibility with old BSD code. Use
@comment stdio.h
@comment BSD
@deftypefun void setlinebuf (FILE *@var{stream})
+@safety{@mtsafe{}@asunsafe{asynconsist}@acunsafe{lockleak, incansist}}
This function makes @var{stream} be line buffered, and allocates the
buffer for you.
@@ -4748,6 +4947,7 @@ using a non-standard function introduced in Solaris and available in
@comment stdio_ext.h
@comment GNU
@deftypefun int __flbf (FILE *@var{stream})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{__flbf} function will return a nonzero value in case the
stream @var{stream} is line buffered. Otherwise the return value is
zero.
@@ -4761,6 +4961,7 @@ much of it is used. These functions were also introduced in Solaris.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fbufsize (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fbufsize} function return the size of the buffer in the
stream @var{stream}. This value can be used to optimize the use of the
stream.
@@ -4771,6 +4972,7 @@ This function is declared in the @file{stdio_ext.h} header.
@comment stdio_ext.h
@comment GNU
@deftypefun size_t __fpending (FILE *@var{stream})
+@safety{@mtunsafe{nolock}@asunsafe{asynconsist}@acsafe{}}
The @code{__fpending}
function returns the number of bytes currently in the output buffer.
For wide-oriented stream the measuring unit is wide characters. This
@@ -4818,6 +5020,10 @@ I/O to a string or memory buffer. These facilities are declared in
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fmemopen (void *@var{buf}, size_t @var{size}, const char *@var{opentype})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acsafe{memleak, lockleak}}
+@c Unlike open_memstream, fmemopen does (indirectly) call _IO_link_in,
+@c bringing with it additional potential for async trouble with
+@c list_all_lock.
This function opens a stream that allows the access specified by the
@var{opentype} argument, that reads from or writes to the buffer specified
by the argument @var{buf}. This array must be at least @var{size} bytes long.
@@ -4870,6 +5076,7 @@ Got r
@comment stdio.h
@comment GNU
@deftypefun {FILE *} open_memstream (char **@var{ptr}, size_t *@var{sizeloc})
+@safety{@mtsafe{}@assafe{asmalloc}@acsafe{memleak}}
This function opens a stream for writing to a buffer. The buffer is
allocated dynamically and grown as necessary, using @code{malloc}.
After you've closed the stream, this buffer is your responsibility to
@@ -4985,6 +5192,7 @@ closed.
@comment stdio.h
@comment GNU
@deftypefun {FILE *} fopencookie (void *@var{cookie}, const char *@var{opentype}, cookie_io_functions_t @var{io-functions})
+@safety{@mtsafe{}@assafe{asmalloc, selfdeadlock}@acunsafe{memleak, lockleak}}
This function actually creates the stream for communicating with the
@var{cookie} using the functions in the @var{io-functions} argument.
The @var{opentype} argument is interpreted as for @code{fopen};
@@ -5166,6 +5374,7 @@ It is a non-recoverable error.
@comment fmtmsg.h
@comment XPG
@deftypefun int fmtmsg (long int @var{classification}, const char *@var{label}, int @var{severity}, const char *@var{text}, const char *@var{action}, const char *@var{tag})
+@safety{@mtsafe{}@asunsafe{selfdeadlock}@acsafe{}}
Display a message described by its parameters on the device(s) specified
in the @var{classification} parameter. The @var{label} parameter
identifies the source of the message. The string should consist of two
@@ -5306,6 +5515,7 @@ introducing new classes in a running program. One could use the
but this is toilsome.
@deftypefun int addseverity (int @var{severity}, const char *@var{string})
+@safety{@mtsafe{}@asunsafe{asmalloc, selfdeadlock}@acunsafe{lockleak, memleak}}
This function allows the introduction of new severity classes which can be
addressed by the @var{severity} parameter of the @code{fmtmsg} function.
The @var{severity} parameter of @code{addseverity} must match the value
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ff79da305c9dfa8cdc253ef91e3af827e98ecd2b
commit ff79da305c9dfa8cdc253ef91e3af827e98ecd2b
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:39 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/arith.texi: Document thread safety properties.
diff --git a/manual/arith.texi b/manual/arith.texi
index 77056c3..833e0c9 100644
--- a/manual/arith.texi
+++ b/manual/arith.texi
@@ -160,6 +160,8 @@ The remainder from the division.
@comment stdlib.h
@comment ISO
@deftypefun div_t div (int @var{numerator}, int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c Functions in this section are pure, and thus safe.
This function @code{div} computes the quotient and remainder from
the division of @var{numerator} by @var{denominator}, returning the
result in a structure of type @code{div_t}.
@@ -199,6 +201,7 @@ type @code{long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun ldiv_t ldiv (long int @var{numerator}, long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ldiv} function is similar to @code{div}, except that the
arguments are of type @code{long int} and the result is returned as a
structure of type @code{ldiv_t}.
@@ -225,6 +228,7 @@ type @code{long long int} rather than @code{int}.)
@comment stdlib.h
@comment ISO
@deftypefun lldiv_t lldiv (long long int @var{numerator}, long long int @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{lldiv} function is like the @code{div} function, but the
arguments are of type @code{long long int} and the result is returned as
a structure of type @code{lldiv_t}.
@@ -256,6 +260,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment inttypes.h
@comment ISO
@deftypefun imaxdiv_t imaxdiv (intmax_t @var{numerator}, intmax_t @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{imaxdiv} function is like the @code{div} function, but the
arguments are of type @code{intmax_t} and the result is returned as
a structure of type @code{imaxdiv_t}.
@@ -410,6 +415,7 @@ not have to worry about the type of their argument.
@comment math.h
@comment BSD
@deftypefunx int isinfl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns @code{-1} if @var{x} represents negative infinity,
@code{1} if @var{x} represents positive infinity, and @code{0} otherwise.
@end deftypefun
@@ -423,6 +429,7 @@ This function returns @code{-1} if @var{x} represents negative infinity,
@comment math.h
@comment BSD
@deftypefunx int isnanl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is a ``not a number''
value, and zero otherwise.
@@ -445,6 +452,7 @@ function for some reason, you can write
@comment math.h
@comment BSD
@deftypefunx int finitel (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns a nonzero value if @var{x} is finite or a ``not a
number'' value, and zero otherwise.
@end deftypefun
@@ -713,6 +721,22 @@ and save and restore the set of exceptions flagged.
@comment fenv.h
@comment ISO
@deftypefun int feclearexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{unposix}@acsafe{unposix}}
+@c The other functions in this section that modify FP status register
+@c mostly do so with non-atomic load-modify-store sequences, but since
+@c the register is thread-specific, this should be fine, and safe for
+@c cancellation. As long as the FP environment is restored before the
+@c signal handler returns control to the interrupted thread (like any
+@c kernel should do), the functions are also safe for use in signal
+@c handlers.
+@c
+@c FIXME: simfpu: Floating point emulation on powerpc is the exception:
+@c __sim_exception, __sim_disabled_exception and __sim_round_mode
+@c variables, that emulate a floating-point status register, are not
+@c thread-specific variables, so many of these functions are not MT-safe
+@c on that platform. This is probably a bug. These variables aren't
+@c restored by the signal machinery either, making the functions also
+@c async-signal-unsafe on this platform.
This function clears all of the supported exception flags indicated by
@var{excepts}.
@@ -723,6 +747,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feraiseexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function raises the supported exceptions indicated by
@var{excepts}. If more than one exception bit in @var{excepts} is set
the order in which the exceptions are raised is undefined except that
@@ -738,6 +763,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fetestexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Test whether the exception flags indicated by the parameter @var{except}
are currently set. If any of them are, a nonzero value is returned
which specifies which exceptions are set. Otherwise the result is zero.
@@ -774,6 +800,7 @@ following functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetexceptflag (fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function stores in the variable pointed to by @var{flagp} an
implementation-defined value representing the current setting of the
exception flags indicated by @var{excepts}.
@@ -785,6 +812,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int fesetexceptflag (const fexcept_t *@var{flagp}, int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This function restores the flags for the exceptions indicated by
@var{excepts} to the values stored in the variable pointed to by
@var{flagp}.
@@ -940,6 +968,7 @@ find out which one with this function:
@comment fenv.h
@comment ISO
@deftypefun int fegetround (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Returns the currently selected rounding mode, represented by one of the
values of the defined rounding mode macros.
@end deftypefun
@@ -950,6 +979,7 @@ To change the rounding mode, use this function:
@comment fenv.h
@comment ISO
@deftypefun int fesetround (int @var{round})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Changes the currently selected rounding mode to @var{round}. If
@var{round} does not correspond to one of the supported rounding modes
nothing is changed. @code{fesetround} returns zero if it changed the
@@ -994,6 +1024,7 @@ To save the state of the FPU, use one of these functions:
@comment fenv.h
@comment ISO
@deftypefun int fegetenv (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the floating-point environment in the variable pointed to by
@var{envp}.
@@ -1004,6 +1035,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feholdexcept (fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Store the current floating-point environment in the object pointed to by
@var{envp}. Then clear all exception flags, and set the FPU to trap no
exceptions. Not all FPUs support trapping no exceptions; if
@@ -1042,6 +1074,7 @@ functions:
@comment fenv.h
@comment ISO
@deftypefun int fesetenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Set the floating-point environment to that described by @var{envp}.
The function returns zero in case the operation was successful, a
@@ -1051,6 +1084,7 @@ non-zero value otherwise.
@comment fenv.h
@comment ISO
@deftypefun int feupdateenv (const fenv_t *@var{envp})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
Like @code{fesetenv}, this function sets the floating-point environment
to that described by @var{envp}. However, if any exceptions were
flagged in the status word before @code{feupdateenv} was called, they
@@ -1071,6 +1105,7 @@ occur, you can use the following two functions.
@comment fenv.h
@comment GNU
@deftypefun int feenableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions enables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1083,6 +1118,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fedisableexcept (int @var{excepts})
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
This functions disables traps for each of the exceptions as indicated by
the parameter @var{except}. The individual exceptions are described in
@ref{Status bit operations}. Only the specified exceptions are
@@ -1095,6 +1131,7 @@ operation was successful, @code{-1} otherwise.
@comment fenv.h
@comment GNU
@deftypefun int fegetexcept (void)
+@safety{@mtsafe{simfpu}@assafe{}@acsafe{}}
The function returns a bitmask of all currently enabled exceptions. It
returns @code{-1} in case of failure.
@end deftypefun
@@ -1146,6 +1183,7 @@ Prototypes for @code{abs}, @code{labs} and @code{llabs} are in @file{stdlib.h};
@comment inttypes.h
@comment ISO
@deftypefunx intmax_t imaxabs (intmax_t @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of @var{number}.
Most computers use a two's complement integer representation, in which
@@ -1167,6 +1205,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type.
@comment math.h
@comment ISO
@deftypefunx {long double} fabsl (long double @var{number})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function returns the absolute value of the floating-point number
@var{number}.
@end deftypefun
@@ -1180,6 +1219,7 @@ This function returns the absolute value of the floating-point number
@comment complex.h
@comment ISO
@deftypefunx {long double} cabsl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the absolute value of the complex number @var{z}
(@pxref{Complex Numbers}). The absolute value of a complex number is:
@@ -1217,6 +1257,7 @@ All these functions are declared in @file{math.h}.
@comment math.h
@comment ISO
@deftypefunx {long double} frexpl (long double @var{value}, int *@var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are used to split the number @var{value}
into a normalized fraction and an exponent.
@@ -1242,6 +1283,7 @@ zero is stored in @code{*@var{exponent}}.
@comment math.h
@comment ISO
@deftypefunx {long double} ldexpl (long double @var{value}, int @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the result of multiplying the floating-point
number @var{value} by 2 raised to the power @var{exponent}. (It can
be used to reassemble floating-point numbers that were taken apart
@@ -1263,6 +1305,7 @@ equivalent to those of @code{ldexp} and @code{frexp}. See also the
@comment math.h
@comment BSD
@deftypefunx {long double} scalbl (long double @var{value}, long double @var{exponent})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{scalb} function is the BSD name for @code{ldexp}.
@end deftypefun
@@ -1275,6 +1318,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalbnl (long double @var{x}, int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbn} is identical to @code{scalb}, except that the exponent
@var{n} is an @code{int} instead of a floating-point number.
@end deftypefun
@@ -1288,6 +1332,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} scalblnl (long double @var{x}, long int @var{n})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{scalbln} is identical to @code{scalb}, except that the exponent
@var{n} is a @code{long int} instead of a floating-point number.
@end deftypefun
@@ -1301,6 +1346,7 @@ The @code{scalb} function is the BSD name for @code{ldexp}.
@comment math.h
@comment BSD
@deftypefunx {long double} significandl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{significand} returns the mantissa of @var{x} scaled to the range
@math{[1, 2)}.
It is equivalent to @w{@code{scalb (@var{x}, (double) -ilogb (@var{x}))}}.
@@ -1335,6 +1381,7 @@ result as a @code{double} instead to get around this problem.
@comment math.h
@comment ISO
@deftypefunx {long double} ceill (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} upwards to the nearest integer,
returning that value as a @code{double}. Thus, @code{ceil (1.5)}
is @code{2.0}.
@@ -1349,6 +1396,7 @@ is @code{2.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} floorl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} downwards to the nearest
integer, returning that value as a @code{double}. Thus, @code{floor
(1.5)} is @code{1.0} and @code{floor (-1.5)} is @code{-2.0}.
@@ -1363,6 +1411,7 @@ integer, returning that value as a @code{double}. Thus, @code{floor
@comment math.h
@comment ISO
@deftypefunx {long double} truncl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{trunc} functions round @var{x} towards zero to the nearest
integer (returned in floating-point format). Thus, @code{trunc (1.5)}
is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@@ -1377,6 +1426,7 @@ is @code{1.0} and @code{trunc (-1.5)} is @code{-1.0}.
@comment math.h
@comment ISO
@deftypefunx {long double} rintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions round @var{x} to an integer value according to the
current rounding mode. @xref{Floating Point Parameters}, for
information about the various rounding modes. The default
@@ -1397,6 +1447,7 @@ inexact exception.
@comment math.h
@comment ISO
@deftypefunx {long double} nearbyintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the same value as the @code{rint} functions, but
do not raise the inexact exception if @var{x} is not an integer.
@end deftypefun
@@ -1410,6 +1461,7 @@ do not raise the inexact exception if @var{x} is not an integer.
@comment math.h
@comment ISO
@deftypefunx {long double} roundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are similar to @code{rint}, but they round halfway
cases away from zero instead of to the nearest integer (or other
current rounding mode).
@@ -1424,6 +1476,7 @@ current rounding mode).
@comment math.h
@comment ISO
@deftypefunx {long int} lrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1437,6 +1490,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llrintl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{rint}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1450,6 +1504,7 @@ These functions are just like @code{rint}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long int} lroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long int} instead of a floating-point number.
@end deftypefun
@@ -1463,6 +1518,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long long int} llroundl (long double @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are just like @code{round}, but they return a
@code{long long int} instead of a floating-point number.
@end deftypefun
@@ -1477,6 +1533,7 @@ These functions are just like @code{round}, but they return a
@comment math.h
@comment ISO
@deftypefunx {long double} modfl (long double @var{value}, long double *@var{integer-part})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions break the argument @var{value} into an integer part and a
fractional part (between @code{-1} and @code{1}, exclusive). Their sum
equals @var{value}. Each of the parts has the same sign as @var{value},
@@ -1503,6 +1560,7 @@ suits your problem.
@comment math.h
@comment ISO
@deftypefunx {long double} fmodl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions compute the remainder from the division of
@var{numerator} by @var{denominator}. Specifically, the return value is
@code{@var{numerator} - @w{@var{n} * @var{denominator}}}, where @var{n}
@@ -1525,6 +1583,7 @@ If @var{denominator} is zero, @code{fmod} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} dreml (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are like @code{fmod} except that they round the
internal quotient @var{n} to the nearest integer instead of towards zero
to an integer. For example, @code{drem (6.5, 2.3)} returns @code{-0.4},
@@ -1548,6 +1607,7 @@ If @var{denominator} is zero, @code{drem} signals a domain error.
@comment math.h
@comment BSD
@deftypefunx {long double} remainderl (long double @var{numerator}, long double @var{denominator})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is another name for @code{drem}.
@end deftypefun
@@ -1569,6 +1629,7 @@ bits.
@comment math.h
@comment ISO
@deftypefunx {long double} copysignl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return @var{x} but with the sign of @var{y}. They work
even if @var{x} or @var{y} are NaN or zero. Both of these can carry a
sign (although not all implementations support it) and this is one of
@@ -1584,6 +1645,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefun int signbit (@emph{float-type} @var{x})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
@code{signbit} is a generic macro which can work on all floating-point
types. It returns a nonzero value if the value of @var{x} has its sign
bit set.
@@ -1602,6 +1664,7 @@ false, but @code{signbit (-0.0)} will return a nonzero value.
@comment math.h
@comment ISO
@deftypefunx {long double} nextafterl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{nextafter} function returns the next representable neighbor of
@var{x} in the direction towards @var{y}. The size of the step between
@var{x} and the result depends on the type of the result. If
@@ -1625,6 +1688,7 @@ recommended functions in @w{IEEE 754}/@w{IEEE 854}).
@comment math.h
@comment ISO
@deftypefunx {long double} nexttowardl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions are identical to the corresponding versions of
@code{nextafter} except that their second argument is a @code{long
double}.
@@ -1640,6 +1704,8 @@ double}.
@comment math.h
@comment ISO
@deftypefunx {long double} nanl (const char *@var{tagp})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c The unsafe-but-ruled-safe locale use comes from strtod.
The @code{nan} function returns a representation of NaN, provided that
NaN is supported by the target platform.
@code{nan ("@var{n-char-sequence}")} is equivalent to
@@ -1674,6 +1740,7 @@ arguments only once.
@comment math.h
@comment ISO
@deftypefn Macro int isgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than
@var{y}. It is equivalent to @code{(@var{x}) > (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1682,6 +1749,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isgreaterequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is greater than or
equal to @var{y}. It is equivalent to @code{(@var{x}) >= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1690,6 +1758,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isless (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than @var{y}.
It is equivalent to @code{(@var{x}) < (@var{y})}, but no exception is
raised if @var{x} or @var{y} are NaN.
@@ -1698,6 +1767,7 @@ raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessequal (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less than or equal
to @var{y}. It is equivalent to @code{(@var{x}) <= (@var{y})}, but no
exception is raised if @var{x} or @var{y} are NaN.
@@ -1706,6 +1776,7 @@ exception is raised if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int islessgreater (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether the argument @var{x} is less or greater
than @var{y}. It is equivalent to @code{(@var{x}) < (@var{y}) ||
(@var{x}) > (@var{y})} (although it only evaluates @var{x} and @var{y}
@@ -1718,6 +1789,7 @@ expression is true if @var{x} or @var{y} are NaN.
@comment math.h
@comment ISO
@deftypefn Macro int isunordered (@emph{real-floating} @var{x}, @emph{real-floating} @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This macro determines whether its arguments are unordered. In other
words, it is true if @var{x} or @var{y} are NaN, and false otherwise.
@end deftypefn
@@ -1751,6 +1823,7 @@ perform these operations faster than the equivalent C code.
@comment math.h
@comment ISO
@deftypefunx {long double} fminl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmin} function returns the lesser of the two values @var{x}
and @var{y}. It is similar to the expression
@smallexample
@@ -1771,6 +1844,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fmaxl (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fmax} function returns the greater of the two values @var{x}
and @var{y}.
@@ -1787,6 +1861,7 @@ are NaN, NaN is returned.
@comment math.h
@comment ISO
@deftypefunx {long double} fdiml (long double @var{x}, long double @var{y})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fdim} function returns the positive difference between
@var{x} and @var{y}. The positive difference is @math{@var{x} -
@var{y}} if @var{x} is greater than @var{y}, and @math{0} otherwise.
@@ -1804,6 +1879,7 @@ If @var{x}, @var{y}, or both are NaN, NaN is returned.
@comment ISO
@deftypefunx {long double} fmal (long double @var{x}, long double @var{y}, long double @var{z})
@cindex butterfly
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fma} function performs floating-point multiply-add. This is
the operation @math{(@var{x} @mul{} @var{y}) + @var{z}}, but the
intermediate result is not rounded to the destination type. This can
@@ -1933,6 +2009,7 @@ available in three variants, one for each of the three complex types.
@comment complex.h
@comment ISO
@deftypefunx {long double} creall (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the real part of the complex number @var{z}.
@end deftypefun
@@ -1945,6 +2022,7 @@ These functions return the real part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cimagl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the imaginary part of the complex number @var{z}.
@end deftypefun
@@ -1957,6 +2035,7 @@ These functions return the imaginary part of the complex number @var{z}.
@comment complex.h
@comment ISO
@deftypefunx {complex long double} conjl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the conjugate value of the complex number
@var{z}. The conjugate of a complex number has the same real part and a
negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@@ -1971,6 +2050,7 @@ negated imaginary part. In other words, @samp{conj(a + bi) = a + -bi}.
@comment complex.h
@comment ISO
@deftypefunx {long double} cargl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the argument of the complex number @var{z}.
The argument of a complex number is the angle in the complex plane
between the positive real axis and a line passing through zero and the
@@ -1989,6 +2069,7 @@ number. This angle is measured in the usual fashion and ranges from
@comment complex.h
@comment ISO
@deftypefunx {complex long double} cprojl (complex long double @var{z})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
These functions return the projection of the complex value @var{z} onto
the Riemann sphere. Values with a infinite imaginary part are projected
to positive infinity on the real axis, even if the real part is NaN. If
@@ -2034,6 +2115,16 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun {long int} strtol (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c strtol uses the thread-local pointer to the locale in effect, and
+@c strtol_l loads the LC_NUMERIC locale data from it early on and once,
+@c but if the locale is the global locale, and another thread calls
+@c setlocale in a way that modifies the pointer to the LC_CTYPE locale
+@c category, the behavior of e.g. IS*, TOUPPER will vary throughout the
+@c execution of the function, because they re-read the locale data from
+@c the given locale pointer. We solved this by documenting setlocale as
+@c MT-Unsafe, but there might be other reasons why it's neither MT- nor
+@c AS-Safe; recheck.
The @code{strtol} (``string-to-long'') function converts the initial
part of @var{string} to a signed integer, which is returned as a value
of type @code{long int}.
@@ -2097,6 +2188,7 @@ There is an example at the end of this section.
@comment wchar.h
@comment ISO
@deftypefun {long int} wcstol (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstol} function is equivalent to the @code{strtol} function
in nearly all aspects but handles wide character strings.
@@ -2106,6 +2198,7 @@ The @code{wcstol} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long int} strtoul (const char *retrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoul} (``string-to-unsigned-long'') function is like
@code{strtol} except it converts to an @code{unsigned long int} value.
The syntax is the same as described above for @code{strtol}. The value
@@ -2124,6 +2217,7 @@ range, or @code{ERANGE} on overflow.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long int} wcstoul (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoul} function is equivalent to the @code{strtoul} function
in nearly all aspects but handles wide character strings.
@@ -2133,6 +2227,7 @@ The @code{wcstoul} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} strtoll (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoll} function is like @code{strtol} except that it returns
a @code{long long int} value, and accepts numbers with a correspondingly
larger range.
@@ -2149,6 +2244,7 @@ The @code{strtoll} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {long long int} wcstoll (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoll} function is equivalent to the @code{strtoll} function
in nearly all aspects but handles wide character strings.
@@ -2158,12 +2254,14 @@ The @code{wcstoll} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {long long int} strtoq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtoq} (``string-to-quad-word'') is the BSD name for @code{strtoll}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {long long int} wcstoq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoq} function is equivalent to the @code{strtoq} function
in nearly all aspects but handles wide character strings.
@@ -2173,6 +2271,7 @@ The @code{wcstoq} function is a GNU extension.
@comment stdlib.h
@comment ISO
@deftypefun {unsigned long long int} strtoull (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoull} function is related to @code{strtoll} the same way
@code{strtoul} is related to @code{strtol}.
@@ -2182,6 +2281,7 @@ The @code{strtoull} function was introduced in @w{ISO C99}.
@comment wchar.h
@comment ISO
@deftypefun {unsigned long long int} wcstoull (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoull} function is equivalent to the @code{strtoull} function
in nearly all aspects but handles wide character strings.
@@ -2191,12 +2291,14 @@ The @code{wcstoull} function was introduced in @w{Amendment 1} of @w{ISO C90}.
@comment stdlib.h
@comment BSD
@deftypefun {unsigned long long int} strtouq (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
@code{strtouq} is the BSD name for @code{strtoull}.
@end deftypefun
@comment wchar.h
@comment GNU
@deftypefun {unsigned long long int} wcstouq (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstouq} function is equivalent to the @code{strtouq} function
in nearly all aspects but handles wide character strings.
@@ -2206,6 +2308,7 @@ The @code{wcstouq} function is a GNU extension.
@comment inttypes.h
@comment ISO
@deftypefun intmax_t strtoimax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoimax} function is like @code{strtol} except that it returns
a @code{intmax_t} value, and accepts numbers of a corresponding range.
@@ -2222,6 +2325,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun intmax_t wcstoimax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoimax} function is equivalent to the @code{strtoimax} function
in nearly all aspects but handles wide character strings.
@@ -2231,6 +2335,7 @@ The @code{wcstoimax} function was introduced in @w{ISO C99}.
@comment inttypes.h
@comment ISO
@deftypefun uintmax_t strtoumax (const char *restrict @var{string}, char **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{strtoumax} function is related to @code{strtoimax}
the same way that @code{strtoul} is related to @code{strtol}.
@@ -2241,6 +2346,7 @@ See @ref{Integers} for a description of the @code{intmax_t} type. The
@comment wchar.h
@comment ISO
@deftypefun uintmax_t wcstoumax (const wchar_t *restrict @var{string}, wchar_t **restrict @var{tailptr}, int @var{base})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstoumax} function is equivalent to the @code{strtoumax} function
in nearly all aspects but handles wide character strings.
@@ -2250,6 +2356,7 @@ The @code{wcstoumax} function was introduced in @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefun {long int} atol (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtol} function with a @var{base}
argument of @code{10}, except that it need not detect overflow errors.
The @code{atol} function is provided mostly for compatibility with
@@ -2259,6 +2366,7 @@ existing code; using @code{strtol} is more robust.
@comment stdlib.h
@comment ISO
@deftypefun int atoi (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is like @code{atol}, except that it returns an @code{int}.
The @code{atoi} function is also considered obsolete; use @code{strtol}
instead.
@@ -2267,6 +2375,7 @@ instead.
@comment stdlib.h
@comment ISO
@deftypefun {long long int} atoll (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to @code{atol}, except it returns a @code{long
long int}.
@@ -2331,6 +2440,9 @@ as well.
@comment stdlib.h
@comment ISO
@deftypefun double strtod (const char *restrict @var{string}, char **restrict @var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
+@c Besides the unsafe-but-ruled-safe locale uses, this uses a lot of
+@c mpn, but it's all safe.
The @code{strtod} (``string-to-double'') function converts the initial
part of @var{string} to a floating-point number, which is returned as a
value of type @code{double}.
@@ -2416,6 +2528,7 @@ examining @var{errno} and @var{tailptr}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} strtold (const char *@var{string}, char **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
These functions are analogous to @code{strtod}, but return @code{float}
and @code{long double} values respectively. They report errors in the
same way as @code{strtod}. @code{strtof} can be substantially faster
@@ -2435,6 +2548,7 @@ These functions have been GNU extensions and are new to @w{ISO C99}.
@comment stdlib.h
@comment ISO
@deftypefunx {long double} wcstold (const wchar_t *@var{string}, wchar_t **@var{tailptr})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
The @code{wcstod}, @code{wcstof}, and @code{wcstol} functions are
equivalent in nearly all aspect to the @code{strtod}, @code{strtof}, and
@code{strtold} functions but it handles wide character string.
@@ -2447,6 +2561,7 @@ C90}. The @code{wcstof} and @code{wcstold} functions were introduced in
@comment stdlib.h
@comment ISO
@deftypefun double atof (const char *@var{string})
+@safety{@mtsafe{glocale}@assafe{glocale}@acsafe{}}
This function is similar to the @code{strtod} function, except that it
need not detect overflow and underflow errors. The @code{atof} function
is provided mostly for compatibility with existing code; using
@@ -2473,6 +2588,7 @@ All these functions are defined in @file{stdlib.h}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} ecvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{ecvt} converts the floating-point number @var{value}
to a string with at most @var{ndigit} decimal digits. The
returned string contains no decimal point or sign. The first digit of
@@ -2498,6 +2614,7 @@ and sets @var{d} to @code{2} and @var{n} to @code{0}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} fcvt (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
The function @code{fcvt} is like @code{ecvt}, but @var{ndigit} specifies
the number of digits after the decimal point. If @var{ndigit} is less
than zero, @var{value} is rounded to the @math{@var{ndigit}+1}'th place to the
@@ -2516,6 +2633,9 @@ to @code{fcvt}.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun {char *} gcvt (double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
+@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
+@c args_value if it's too large, but gcvt never exercises this path.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
@@ -2530,6 +2650,7 @@ functions that take @code{long double} arguments.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qecvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{ecvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2538,6 +2659,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qfcvt (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg})
+@safety{@mtunsafe{staticbuf}@assafe{staticbuf}@acsafe{}}
This function is equivalent to @code{fcvt} except that it
takes a @code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2546,6 +2668,7 @@ restricted by the precision of a @code{long double}.
@comment stdlib.h
@comment GNU
@deftypefun {char *} qgcvt (long double @var{value}, int @var{ndigit}, char *@var{buf})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
This function is equivalent to @code{gcvt} except that it takes a
@code{long double} for the first parameter and that @var{ndigit} is
restricted by the precision of a @code{long double}.
@@ -2566,6 +2689,7 @@ user-supplied buffer.
@comment stdlib.h
@comment GNU
@deftypefun int ecvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{ecvt_r} function is the same as @code{ecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2577,6 +2701,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment SVID, Unix98
@deftypefun int fcvt_r (double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{fcvt_r} function is the same as @code{fcvt}, except that it
places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2588,6 +2713,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qecvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qecvt_r} function is the same as @code{qecvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
@@ -2599,6 +2725,7 @@ This function is a GNU extension.
@comment stdlib.h
@comment GNU
@deftypefun int qfcvt_r (long double @var{value}, int @var{ndigit}, int *@var{decpt}, int *@var{neg}, char *@var{buf}, size_t @var{len})
+@safety{@mtsafe{}@assafe{}@acsafe{}}
The @code{qfcvt_r} function is the same as @code{qfcvt}, except
that it places its result into the user-specified buffer pointed to by
@var{buf}, with length @var{len}. The return value is @code{-1} in
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c7b61a96cbd8cb57ef7aedbddf47a3368451583d
commit c7b61a96cbd8cb57ef7aedbddf47a3368451583d
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:37 2013 -0300
Rename unused scalb to scalbn to match prototype.
for ChangeLog
* sysdeps/ieee754/support.c (scalbn): Rename from
wrongly-typed scalb. Adjust all callers. Apparently unused.
diff --git a/sysdeps/ieee754/support.c b/sysdeps/ieee754/support.c
index 00476c0..0bbd892 100644
--- a/sysdeps/ieee754/support.c
+++ b/sysdeps/ieee754/support.c
@@ -82,7 +82,7 @@ static char sccsid[] = "@(#)support.c 8.1 (Berkeley) 6/4/93";
static const double novf=1.7E308, nunf=3.0E-308,zero=0.0;
#endif /* defined(vax)||defined(tahoe) */
-double scalb(x,N)
+double scalbn(x,N)
double x; int N;
{
int k;
@@ -106,7 +106,7 @@ double x; int N;
if( (k= *px & mexp ) != mexp ) {
if( N<-2100) return(nunf*nunf); else if(N>2100) return(novf+novf);
if( k == 0 ) {
- x *= scalb(1.0,(int)prep1); N -= prep1; return(scalb(x,N));}
+ x *= scalbn(1.0,(int)prep1); N -= prep1; return(scalbn(x,N));}
#endif /* defined(vax)||defined(tahoe) */
if((k = (k>>gap)+ N) > 0 )
@@ -115,7 +115,7 @@ double x; int N;
else
if( k > -prep1 )
/* gradual underflow */
- {*px=(*px&~mexp)|(short)(1<<gap); x *= scalb(1.0,k-1);}
+ {*px=(*px&~mexp)|(short)(1<<gap); x *= scalbn(1.0,k-1);}
else
return(nunf*nunf);
}
@@ -228,7 +228,7 @@ double x,p;
else if ( ((*pp & mexp)>>gap) <= 1 )
/* subnormal p, or almost subnormal p */
- { double b; b=scalb(1.0,(int)prep1);
+ { double b; b=scalbn(1.0,(int)prep1);
p *= b; x = drem(x,p); x *= b; return(drem(x,p)/b);}
else if ( p >= novf/2)
{ p /= 2 ; x /= 2; return(drem(x,p)*2);}
@@ -294,8 +294,8 @@ double x;
/* scale x to [1,4) */
n=logb(x);
- x=scalb(x,-n);
- if((m=logb(x))!=0) x=scalb(x,-m); /* subnormal number */
+ x=scalbn(x,-n);
+ if((m=logb(x))!=0) x=scalbn(x,-m); /* subnormal number */
m += n;
n = m/2;
if((n+n)!=m) {x *= 2; m -=1; n=m/2;}
@@ -326,7 +326,7 @@ double x;
b=1.0+r/4; if(b>1.0) t=1;
if(t>=0) q+=r; }
-end: return(scalb(q,n));
+end: return(scalbn(q,n));
}
#if 0
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c2080123a1257f86601d8639f289ea4e3e6e27d7
commit c2080123a1257f86601d8639f289ea4e3e6e27d7
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:36 2013 -0300
Note that powerpc fpu emulation status is not thread- or signal-safe.
for ports/ChangeLog.powerpc
PR 15483
* sysdeps/powerpc/nofpu/sim-full.c: Add FIXME note about
the need for thread-specific variables preserved across signal
handlers.
* sysdeps/powerpc/nofpu/soft-supp.h: Likewise.
* sysdeps/powerpc/soft-fp/sfp-machine.h: Likewise.
diff --git a/ports/sysdeps/powerpc/nofpu/sim-full.c b/ports/sysdeps/powerpc/nofpu/sim-full.c
index fc061d0..e167033 100644
--- a/ports/sysdeps/powerpc/nofpu/sim-full.c
+++ b/ports/sysdeps/powerpc/nofpu/sim-full.c
@@ -21,6 +21,11 @@
#include "soft-fp.h"
#include "soft-supp.h"
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
/* Global to store sticky exceptions. */
int __sim_exceptions __attribute__ ((nocommon));
libc_hidden_data_def (__sim_exceptions);
diff --git a/ports/sysdeps/powerpc/nofpu/soft-supp.h b/ports/sysdeps/powerpc/nofpu/soft-supp.h
index b9638bb..64a3d2a 100644
--- a/ports/sysdeps/powerpc/nofpu/soft-supp.h
+++ b/ports/sysdeps/powerpc/nofpu/soft-supp.h
@@ -26,6 +26,11 @@ typedef union
} fenv_union_t;
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
diff --git a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
index c2a190e..508d869 100644
--- a/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
+++ b/ports/sysdeps/powerpc/soft-fp/sfp-machine.h
@@ -54,6 +54,11 @@
#define FP_ROUNDMODE __sim_round_mode
#define FP_TRAPPING_EXCEPTIONS (~__sim_disabled_exceptions & 0x3e000000)
+/* FIXME: these variables should be thread specific (see bugzilla bug
+ 15483) and ideally preserved across signal handlers, like hardware
+ FP status words, but the latter is quite difficult to accomplish in
+ userland. */
+
extern int __sim_exceptions;
libc_hidden_proto (__sim_exceptions);
extern int __sim_disabled_exceptions;
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=706d7b14f054f498250c63c1e221a935b0e5ced2
commit 706d7b14f054f498250c63c1e221a935b0e5ced2
Author: Alexandre Oliva <aoliva@redhat.com>
Date: Wed Jun 26 10:46:35 2013 -0300
Thread safety documentation.
for ChangeLog
* manual/macros.texi: Introduce macros to document thread
safety properties.
* manual/intro.texi: Introduce the properties themselves.
diff --git a/manual/intro.texi b/manual/intro.texi
index deaf089..2630a77 100644
--- a/manual/intro.texi
+++ b/manual/intro.texi
@@ -172,6 +172,314 @@ pattern matching facilities (@pxref{Pattern Matching}).
@comment <wordexp.h> (not yet implemented)
@comment confstr
+The safety properties of @glibcadj{} functions, documented as MT-, AS-
+and AC- -Safe and -Unsafe are assessed according to the criteria set
+forth in the POSIX standard for Multi-Thread, Async-Signal and
+Async-Cancel safety.
+
+Intuitive definition of these properties, that attempt to capture
+the meaning of the standard definitions, follow:
+
+@itemize @bullet
+
+@item
+@cindex MT-Safe
+MT-Safe functions are safe to call in the presence of other threads. MT
+stands for Multi Thread.
+
+@item
+@cindex AS-Safe
+AS-Safe functions are safe to call from asynchronous signal handlers.
+AS stands for Asynchronous Signal.
+
+@item
+@cindex AC-Safe
+AC-Safe functions are safe to call when asynchronous cancellation is
+enabled. AC stands for Asynchronous Cancellation.
+
+@item
+@cindex MT-Unsafe
+@cindex AS-Unsafe
+@cindex AC-Unsafe
+MT-Unsafe, AS-Unsafe, AC-Unsafe functions are not safe to call within
+the contexts described above: they may cause deviations from the
+specification in the behavior of the calls themselves, or of any other
+concurrent, ongoing or subsequent calls.
+
+Functions not explicitly documented as Safe should be regarded as
+Unsafe.
+
+@end itemize
+
+By ``safe to call'', we mean that, as long as the program does not
+invoke undefined or unspecified behavior, the called functions will
+behave as documented, and they won't cause any other functions to
+deviate from their documented behavior.
+
+Although we strive to abide by the standards, in some cases our
+implementation is safe even when the standard does not demand safety,
+and in other cases our implementation does not meet the standard safety
+requirements. At this point, we document the result of an assessment of
+the properties of our implementation, so the safety documentation in
+this manual is not to be regarded as a promise of future behavior: in
+future releases, functions that are documented as safe may become
+unsafe, and safety constraints may be removed or introduced. We
+envision turning the results of the assessment into a set of promises as
+stable as our interfaces, but we're not there yet.
+
+When a function is safe to call only under certain constraints, we will
+add keywords to the safety notes whose meanings are defined as follows:
+
+@itemize @bullet
+
+@c glocale-revisit
+@item @code{glocale}
+@cindex glocale
+
+In threads that have not overridden the thread-local locale object by
+calling @code{uselocale}, calling functions annotated with
+@code{glocale} concurrently with @code{setlocale} may cause the
+functions to behave in ways that don't correspond to either the previous
+or the subsequent global locale.
+
+Although the @code{setlocale} function modifies the global locale object
+while holding a lock, @code{glocale}-annotated functions may access this
+global object multiple times, without any measures to ensure it doesn't
+change while it's in use.
+
+Each of these unprotected uses will use either the previous or the
+subsequent locale information, so they won't cause crashes or access to
+uninitialized, unmapped or recycled memory. However, since some cases
+use cached locale information while others access the effective locale
+object anew, concurrent changes to the global locale object may cause
+these functions to behave in ways that they could not behave should the
+execution of @code{setlocale} and of the so-annotated functions be
+atomic, or even should @code{setlocale} alone be atomic.
+
+The @code{glocale} constraint indicates functions are only safe to call
+if the effective thread-local locale is not the global locale object
+(because it was overridden with @code{uselocale}). Failing that,
+@code{setlocale} should not be called while these functions are active.
+
+
+@item @code{uunguard}
+@cindex uunguard
+
+Functions marked with @code{uunguard} modify non-atomically arguments or
+global objects that other functions access without synchronization. To
+ensure MT- and AS-Safe behavior, callers should refrain from calling
+so-marked functions concurrently with users of the corresponding
+objects.
+
+Unguarded users of the global locale object modified by @code{setlocale}
+are marked with @code{glocale}.
+
+Unguarded users of the @code{printf} extension objects modified by
+@code{register_printf_function} are the entire family of printf
+functions.
+
+Unguarded users of streams configured with @code{__fsetlocking} for
+locking by the caller are the entire family of stdio functions.
+
+
+@item @code{xguargs}
+@cindex xguargs
+
+Functions marked with @code{xguargs} may use or modify objects passed as
+arguments without any guards to ensure consistency. To ensure MT- and
+AS-Safe behavior, callers must ensure that the objects passed in are not
+modified concurrently by other threads or signal handlers.
+
+
+@end itemize
+
+
+Additional safety issues that cannot be worked around by constraining
+the program are also documented with keywords, whose meaning is defined
+as follows:
+
+@itemize @bullet
+
+@item @code{staticbuf}
+@cindex staticbuf
+
+Functions annotated with @code{staticbuf} use internal static buffers or
+variables in ways that may cause concurrent calls to interfere
+destructively.
+
+These functions are all MT-Unsafe and AC-Unsafe. However, many of them
+offer reentrant variants for MT-Safe and, in some cases, AC-Safe use.
+
+
+@item @code{fdleak}
+@cindex fdleak
+
+Functions annotated with @code{fdleak} may leak file descriptors if
+asynchronous thread cancellation interrupts their execution.
+
+Functions that allocate or deallocate file descriptors will generally be
+marked as such, because even if they attempted to protect the file
+descriptor allocation and deallocation with cleanup regions, allocating
+a new descriptor and storing its number where the cleanup region could
+release it cannot be performed as a single atomic operation, just like
+releasing it and taking it out of the data structure normally
+responsible for releasing it cannot be performed atomically, always
+leaving a window in which the descriptor cannot be released because it
+wasn't stored in the cleanup handler argument yet, or in which it was
+already taken out of it before releasing it in the normal flow (we
+cannot keep it there because, in case of cancellation, we wouldn't be
+able to tell whether it was already released, and the same number could
+have been already assigned to another descriptor by another thread, so
+we couldn't just release it again).
+
+Such leaks could be internally avoided, with some performance penalty,
+by temporarily disabling asynchronous thread cancellation. However,
+since callers of allocation or deallocation functions would have to do
+this themselves, to avoid the same sort of leak in their own layer, it
+makes more sense for the library to assume they are taking care of it
+than to impose a performance penalty that is redundant when the problem
+is solved in upper layers, and insufficient when it isn't.
+
+This remark by itself does not cause a function to be regarded as
+AC-Unsafe. However, cummulative effects of such leaks may pose a
+problem for some programs. If this is the case, suspending asynchronous
+cancellation for the duration of calls to such functions is recommended.
+
+
+@item @code{memleak}
+@cindex memleak
+
+Functions annotated with @code{memleak} may leak memory if asynchronous
+thread cancellation interrupts their execution.
+
+The problem is similar to that of file descriptors: there is no atomic
+interface to allocate memory and store its address in the argument to a
+cleanup handler, or to release it and remove its address from that
+argument, without at least temporarily disabling asynchronous
+cancellation, which these functions do not do.
+
+This remark does not by itself cause a function to be regarded as
+generally AC-Unsafe. However, cummulative effects of such leaks may be
+severe enough for some programs that disabling asynchronous cancellation
+for the duration of calls to such functions may be required.
+
+
+@item @code{lockleak}
+@cindex lockleak
+
+Functions annotated with @code{lockleak} may leak locks if asynchronous
+thread cancellation interrupts their execution.
+
+While the problem is similar to that of file descriptors, in that there
+is not any atomic interface to lock and take note of the need for
+unlocking in a cleanup, or to unlock and take note that there is no
+longer such a need, the problem posed by lock leaks is far more serious:
+when a file descriptor or a piece of memory is leaked, it becomes
+inaccessible and subsequent attempts to allocate a file descriptor or
+some memory will just use another resource. However, once a lock is
+left taken, attempts to take that lock will block indefinitely.
+(Recursive locks will only block other threads, and read locks will only
+block writer threads, but the point still holds in general).
+
+For the reasons above, functions that leak locks are all AC-Unsafe.
+
+
+@item @code{selfdeadlock}
+@cindex selfdeadlock
+
+Functions marked with @code{selfdeadlock} take a non-recursive lock to
+ensure MT-Safety while modifying data structures guarded by the lock.
+
+If such a function is interrupted by a signal while holding the lock,
+and the signal handler calls any function that takes the same
+non-recursive lock, the result is a deadlock.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid a deadlock if any signal handler might need
+to call them.
+
+
+@item @code{asynconsist}
+@cindex asynconsist
+
+Functions marked with @code{asynconsist} take a recursive lock to ensure
+MT-Safety while accessing or modifying data structures guarded by the
+lock.
+
+If such a function is interrupted by a signal while holding the lock,
+and the signal handler calls any function that takes the same
+non-recursive lock, the latter function may observe a partially updated,
+inconsistent data structure, and misbehave.
+
+Blocking asynchronous signal delivery while calling such functions is
+the only safe way to avoid the misbehavior that may ensue if any signal
+handler might need to call them.
+
+
+@item @code{asmalloc}
+@cindex asmalloc
+
+This is a sub-case of @code{asynconsist}. Functions marked with
+@code{asmalloc} perform memory allocation or deallocation with the
+@code{malloc}/@code{free} family of functions.
+
+If heap management functions are interrupted by asynchronous signals,
+and the signal handlers attempt to perform memory allocation or
+deallocation of their own, they may encounter heap data structures in a
+partially updated state, and the interrupted calls may malfunction
+because of the changes made within the signal handler.
+
+
+@item @code{incansist}
+@cindex incansist
+
+Functions marked with @code{incansist} modify data structures in a
+non-atomic way.
+
+If such a function is asynchronously canceled, it may leave the data
+structure in a partially updated, inconsistent state. Subsequent uses
+of the data structure may misbehave.
+
+Disabling asynchronous cancelation while calling such functions is the
+only safe way to avoid the misbehavior that may ensure if the thread is
+canceled while the function is running.
+
+
+@item @code{simfpu}
+@cindex simfpu
+
+Functions annotated with @code{simfpu} may misbehave on powerpc ports in
+which the floating-point unit is disabled and floating point simulation
+is used instead. On such platforms, @theglibc{} uses global variables
+to hold floating-point exceptions, rounding modes and disabled
+exceptions, rather than thread-local state. This is a @glibcadj{} bug.
+
+Furthermore, even if this bug is fixed, the emulation of floating-point
+control and status registers will not go as far as saving and restoring
+these emulated registers across asynchronous signal handlers. Indeed,
+although most platforms preserve floating-point context as part of the
+thread context, preserving control and status words is not mandatory:
+standards recommend that programs that modify them within signal
+handlers restore them to the original state before returning.
+
+This note does not cause functions to be marked as MT-Unsafe, even
+though, on the affected platform, they are MT-Unsafe indeed.
+
+
+@item @code{unposix}
+@cindex unposix
+
+This remark indicates our safety documentation is known to differ from
+the requirements set by the POSIX standard. For example, POSIX does not
+require a function to be Safe, but our implementation is Safe, or
+vice-versa.
+
+For the time being, the absence of this remark does not imply the safety
+propertes we documentated are identical to those mandated by POSIX for
+the corresponding functions.
+
+@end itemize
+
@node Berkeley Unix, SVID, POSIX, Standards and Portability
@subsection Berkeley Unix
diff --git a/manual/macros.texi b/manual/macros.texi
index daaf1c0..6955f32 100644
--- a/manual/macros.texi
+++ b/manual/macros.texi
@@ -47,4 +47,46 @@ GNU/Hurd systems
GNU/Linux systems
@end macro
+@c Document a function as thread safe.
+@macro mtsafe {comments}
+| MT-Safe \comments\
+|
+@end macro
+@c Document a function as thread unsafe.
+@macro mtunsafe {comments}
+| MT-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use in asynchronous signal handlers.
+@macro assafe {comments}
+| AS-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use in asynchronous signal
+@c handlers. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro asunsafe {comments}
+| AS-Unsafe \comments\
+|
+@end macro
+@c Document a function as safe for use when asynchronous cancellation is
+@c enabled.
+@macro acsafe {comments}
+| AC-Safe \comments\
+|
+@end macro
+@c Document a function as unsafe for use when asynchronous cancellation
+@c is enabled. This distinguishes unmarked functions, for which this
+@c property has not been assessed, from those that have been analyzed.
+@macro acunsafe {comments}
+| AC-Unsafe \comments\
+|
+@end macro
+@c Format the thread and async safety properties of a function.
+@macro safety {notes}
+\notes\
+
+
+@end macro
+
@end ifclear
-----------------------------------------------------------------------
hooks/post-receive
--
GNU C Library master sources